Overview

A Penetration test will help your company understand the present hidden problems in your networks. Right from ERP package to Network Printers and Workstations to firewalls, everything will be tested for in-depth security.

We will immediately identify any sub-standard products / services present in the network that may lead to machine downtime or compromise from a security outlook. A must for every company, Penetration test must be performed every six months for Network self-diagnostics and self-assessment.

What all will be reviewed in a complete penetration test? Here is a list:
  1. Internet Vulnerability Assessment and Penetration Testing
  2. DMZ or Network Architecture Designs / Reviews
  3. Web Application Assessments
  4. Intranet Vulnerability Assessment and Penetration Testing
  5. Host Diagnostic Reviews
  6. Firewall Diagnostic Reviews
  7. Physical Security Reviews
  8. Security Policy Review or Development
  9. Server Vulnerability report
  10. Incident Response Program Development or Review
What’s my benefit of going for a Penetration test for my network?
Let's start with a simple example. Penetration testing, like vulnerability assessment, is similar to a health check-up. You may not know if anything is wrong until you go to the doctor's office and have him examine you. There are many services, products, applications and programs in your company on which both internal and external users are dependent on. How will you assess its durability and security? Penetration test is the likely answer for all such existing resources.
How will a firewall review help us? It is already in place and working smoothly.
It is working smoothly only because no one is touching it. When we say touching it, we mean probing and poking it like a real hacker. We will use every trick to bypass the firewall and observe its response. This is as good as testing your water-proof watch once by throwing it in water!
But wait, it says it is also going to assess Web applications? What does it mean?
It means your company will be in a position to test its current website, and any intranet based dashboard / ERP package that it is deploying for collaboration and consolidation. A Pen test will check for possible loopholes in implementation of these services.
Incident response program? Now what is that?
An incident response program is like how fast the fire brigade will come to your rescue if your house catches fire. We will design a framework that will enable your organization to respond in time towards an incident. This can mean suggesting additional hardware resources or implementing a process in place for quick response in event of a technical disaster.
What are the deliverables? How will we know you are doing it at all?

At the conclusion of the assessment, Orchidseven will provide written documentation of the approach, findings and recommendations associated with this project. The documentation will consist of the following:
DETAILED TECHNICAL REPORT
A document developed for the use of Company’s technical staff which discusses:
  • The methodology employed
  • Positive security aspects identified
  • Detailed technical vulnerability findings
  • An assignment of a risk rating for each vulnerability
  • Supporting detailed exhibits for vulnerabilities when appropriate
  • Detailed technical remediation steps.
EXECUTIVE SUMMARY REPORT
A document developed to summarize:
  • The scope
  • Approach
  • Findings and recommendations, in a manner suitable for senior management.

Customers who have taken this service, have also shown interest in the following certifications - H3X and WAPT