Penetration Testing
- Do you have doubts about how well your information systems and the data stored in them are secured?
- Would you like to know the real level of security of your ICT infrastructure, systems and applications, and the real risks they present for your company?
- Do you need to show the level of your security for the purpose of audits, certifications, business partners, etc.?
- Do you need to align your ICT with some of the generally binding norms that apply to your company (compliance)?
If the answer is yes, let us test your information systems and network infrastructure with the help of our security specialists, who will perform a simulation of real attacks your systems and networks could potentially face.
General description of penetration testing done by Telefónica Business Solutions
The aim of penetration testing offered by Telefónica Business Solutions is to identify weaknesses in your information systems and networks, identify the related risks, and suggest measures that minimize the impact of these risks.
Main benefits of penetration testing
- They can serve as a starting point when introducing or modifying information security in your company
- They can prove the effectiveness of previous spending on ICT security solutions as well as justify and defend future investments in ICT security
- They help increase the security level of your information systems, and of the whole company, by identifying potential risks or weaknesses in your information systems before an attacker does
- They can help find out whether the legal requirements that apply to your company are being met
- They guarantee your partners a higher level of security of your systems
- The evaluation of the tests carried out can help you review the impact of changes and security amendments in your ICT infrastructure
How penetration tests are carried out
- Penetration test with limited or no starting knowledge about the tested systems and customer environment (so-called black box testing). This test is an adequate simulation of an attack by a hacker who gains information strictly from the results of his own research or from publicly available sources
- Penetration test with full starting knowledge about the tested systems and customer environment (so-called white box testing). In this case, our specialists are familiarized with your environment and the tested systems before the penetration test is carried out
- Open penetration test – administrators of tested systems are informed about the ongoing testing and their cooperation can be used. Administrators can also verify the functioning of implemented monitoring and security tools.
- Hidden penetration test – only selected people (excluding the IT employees in charge of the tested systems) are informed about the testing. The aim of this testing is to find out how administrators react to the actual testing (reaction to a potential threat)
The options given above can be combined to suit your needs, and the penetration test can of course be adapted to your needs and requests.
External penetration tests
The aim of these tests is to check the level of security of your Internet connection as well as of the information systems and services accessible from the Internet. Our specialists will test your systems from the perspective of a hacker who is trying to attack your systems through the Internet. Telefónica Business Solutions offers external penetration tests in several variants, which differ in their level of detail and therefore in their complexity.
Internal penetration tests
These tests simulate an attack by a regular non-privileged user from the internal network (i.e. an employee) who is trying to gain unauthorized access to data stored in company information systems. These tests check the quality of the internal security mechanisms that should protect the company systems and data from unauthorized access by regular users. Unauthorized access can be intentional (e.g. gaining sensitive data with the aim of selling it) as well as unintentional (e.g. a fault in system implementation).
The following additional tests can be carried out as part of the internal penetration tests:
- testing the strength of a selected sample of user passwords,
- testing the functionality of implemented antivirus and anti-spam systems,
- interception of system operations on the internal network – analysis of data flow, protocols etc.
Testing of web applications
These tests aim to identify the level of security when accessing certain web applications that are accessible from the Internet (from the hacker's position) or from internal customer networks (from the authorized user's perspective). Our specialists will test the resilience of your applications against the most common attacks and threats that can come both from the Internet and from the internal network.
Summary of the benefits of penetration tests
ICT security certainly does not end with the implementation of a selected security mechanism, e.g. a firewall, antivirus, VPN or others. It is a continuous process, which has to react to new threats and risks arising from operating current information systems and implementing new ones. What was considered secure yesterday need not be secure tomorrow, or even today. Attackers are and always will be a step ahead of the others.
Penetration tests can help you check the functioning and sufficiency of the current security mechanisms of your ICT on the one hand, and will be a valid argument for their expansion or for the implementation of new mechanisms and systems on the other. The real strength and value of penetration tests lies in their repetition, which should happen regularly (e.g. once a year) as well as after bigger changes to the tested systems or after implementing new systems.
