
 

IT Security Testing (PENETRATION TEST)

 

 

NEED (The Customer problem/need resolved with this solution)

 

IT systems are fairly complex, composed of a large number of interconnected and interdependent segments, and both IT technology and Customer requirements change frequently and rapidly. At the same time, implementation deadlines keep getting shorter, and as a consequence IT systems become vulnerable to malicious attacks. Regardless of the preventive protection measures taken, the Customer can never be completely certain of the extent of system vulnerability, or of its ability to detect all user misuse or to repair its effects.

Because of this potential vulnerability, Customers occasionally have a need, and sometimes also a legal obligation (PCI standard and Croatian National Bank requirements), to carry out a penetration test. The penetration test is a simulation of an attack by a highly motivated and trained IT system attacker. The attacker has only publicly available information and unprivileged access to the IT system. Customers need to test the vulnerability of their IT system to a variety of attack routes: over the Internet, over the wireless network, and over the internal local network. This type of testing is used to detect actual, current vulnerabilities and defects that can be used to threaten the confidentiality, availability and integrity of the IT system.

 

SOLUTION (What does the solution offer?)

 

In line with a preliminary arrangement with the Customer, the RECRO-NET team of experts attempts to exploit vulnerabilities in the IT system and gain access to the system beyond their level of authorization. The team agrees with the Customer on the attack route (e.g. over the Internet), the attack target (e.g. a network segment, a specific device or application), the time of the attack, and the methods that will not be used during the testing (e.g. social engineering or denial of service). The Customer should consider all system segments that remain untested as vulnerable. RECRO-NET only uses ethical testing methods.

The end result of the penetration test is a written report. The report contains a description of the system tested, security defects detected, the level of achieved unauthorized access, and repair recommendations and general recommendations that might increase the IT system security.

IT systems change over time. The security policy should provide for a penetration test to be carried out once a year, i.e. after any major intervention in the IT system.

 

BENEFIT (What benefits does the Customer obtain from this solution?)

 

This test brings fairly specific results. The experts who carry out the penetration test either manage to enter the User system or they do not. The penetration test does not deal with theoretical deficiencies or theoretical protection against phantom threats. Any vulnerability detected and described is realistic, with realistic effects on system security.

The penetration test is a type of prevention against unexpected direct costs, and indirect troubleshooting and repair costs. The Customer benefits from project activities that provide fixed costs, deadlines, and clear and accurate project results. It is also important to obtain an independent opinion, unaffected by in-house relationships, selling demands or security repair difficulties.

 

OUR ADVANTAGES (Why to use our solution?)

 

RECRO-NET has a large number of permanently employed specialists in a variety of areas who can cover virtually any configuration the Customers might have. There are 4 persons in charge of security. We use both open-source-based methodology and commercial tools. We particularly highlight our use of the Qualys device for security testing, a security scanner recognized by the Credit Card Issuer Association.

 

REQUIREMENTS (What requirements should the Customer fulfill?)

 

A confidentiality agreement. Ongoing contact with the technical staff during testing. Obligatory backup of all systems included in testing.

 

PRODUCTS AND SERVICES (What products and services does the solution require and contain?)

 

Services:

 

- Penetration test,

- Development of Reports with Penetration Results,

- Presentation for the Board Members,

- Presentation for the technical staff.