IT Question – Penetration Testing

Home Forum Chat Forum IT Question – Penetration Testing

Viewing 15 posts - 1 through 15 (of 15 total)
  • IT Question – Penetration Testing
  • Premier Icon Coyote
    Subscriber

    I’d like to investigate the options for pen testing our network perimeter. Has anyone done this recently and who did you employ to do it?

    Cheers.

    Premier Icon tootallpaul
    Subscriber

    Coyote,

    I’ll find out who we use and get back to you later…

    We have to get it done monthly as part of our PCI accreditation.

    We use nessus for our internal vulnerability scanning.

    http://www.tenable.com/products/nessus?gclid=CMG4kPKetLsCFTMftAodRiAAoQ

    Cheers,

    Paul

    b r
    Member

    Whoever you use, don’t wait to do it again – contract them to do it regularly.

    FuzzyWuzzy
    Member

    We used http://www.dionach.com/ for a few years, seemed OK (we now have our own security services consultancy business so do it in-house).
    Something that amused me a couple of years ago is that our HR department tried to ban the use of the term “penetration testing” internally in case it offended anyone, fortunately common-sense prevailed…

    Premier Icon NZCol
    Subscriber

    I have a team of 10 testers and we have a few UK teams as well all crest certified. I would test your apps as well as they will be more vulnerable than your network unless it was built by a numpty. Feel free to drop me a line.

    samuri
    Member

    If you don’t take NZCol up on his offer then I’d recommend pentest
    http://www.pentest.co.uk
    I can provide contact details. They’re NorthWest based as well.

    He is right though, it’s quite hard to get your infrastructure wrong so app testing is a lot more important nowadays. get in touch if you want a chat about this.

    If your new company is on a budget (this stuff is rarely cheap), then again, lets have a chat. One of my pentesting guys will probably be up for a bit of weekend work.

    purpleyeti
    Member

    NZCol which company is it?

    another offer here i work for one of the bigger independent security consultancies so drop me a line if you want any info.

    samuri – you clearly haven’t seen some of the networks i’ve tested, it’s amazing how wrong many professional people get their external networks. And internal is nearly always done poorly.

    Premier Icon Cougar
    Subscriber

    We had Pen testers in not so long ago.

    First thing they did was ask for physical access to the network and a list of all the subnets in use. Then they sat there with Backtrack open all day. I don’t know how much we paid for that but I’d hazard “too much”.

    samuri
    Member

    Yeah, fair enough. Here’s me assuming people build networks how I tell my guys to build them. 😉

    If they were using Backtrack, Cougar, they really were a bit crap, it’s no longer being developed and has been replaced by Kali.

    scuttler
    Member

    If you’re doing this for compliance then any old tools+report pen test company will do. If you’re doing it to really figure out what might happen and to set security budgets then you need to be testing your people and processes too (social engineering, phishing, incident response etc). This naturally costs more but will provide far more valid ‘state of the nation’ and give you a better idea of how you need to spend your security budget beyond tweaking some firewall rules and patching IIS.

    The company I work for use IRM

    Premier Icon Coyote
    Subscriber

    As always guys you have served up a smorgasbord of information.

    Thanks! 😀

    Premier Icon thetallpaul
    Subscriber

    I used to work for the NCC Group based in Manchester. One of the bigger Pen testing firms. I work in Test Automation, and from what I saw these guys were very good.
    Cover everything from physical pen / access testing to white hat hacking.

    Premier Icon Coyote
    Subscriber

    Funnily enough I’ve got a guy from NCC popping over after Christmas.

    purpleyeti
    Member

    oh well i can’t actually fault ncc, although most of my friends there have swapped companies recently

Viewing 15 posts - 1 through 15 (of 15 total)

The topic ‘IT Question – Penetration Testing’ is closed to new replies.