NETWORK PENETRATION TESTING
Network Penetration Testing
Network Penetration Testing (or pen testing) is a full hacking test against a computer network. Penetration testers will use all the same techniques as a malicious hacker to help identify weaknesses in the network. The report includes a detailed description of each finding along with recommendations to help improve the overall security of the network.
More than just automated scans
At Tanner, we recognize that solely relying on automated scanning tools often leads to missed serious security flaws. We use a combination of industry-standard scanning tools and manual hacking techniques to test network systems. Our personalized services include methods of manually investigating and testing your network to provide more complete coverage and help uncover hidden vulnerabilities or security concerns that would otherwise go unnoticed.
Tanner follows a comprehensive process for every penetration test. Our hybrid testing process combines automated tools with manual testing to find hidden or previously unknown vulnerabilities. We understand that hackers constantly find new and creative ways to hack into a network, so we take the same approach during penetration testing. This is a key component of effective network penetration testing, because it simulates the mindset of a real hacker and provides more realistic test results.
Below are some of the methods we use as part of the manual testing process:
Password Cracking (Brute Force/Dictionary)
HTTP Parameter Tampering
Network Service Probing
Qualifications and Experience
Tanner’s penetration tests are performed by qualified, experienced security analysts, all of whom have earned industry-standard certifications. All engagements are lead by an analyst with at least one of the following certifications:
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
Bachelor's Degree in IT Security
Security on multiple fronts
Our network penetration testing services offer comprehensive coverage for both your external and internal networks.
External Network Penetration Testing
We test your systems from an external location. This simulates the actions of an attacker trying to break in from from outside the network. External networks are attacked daily and need to be as secure as possible.
Internal Network Penetration Testing
We test your systems from inside your network. This shows what an attacker might be able to access if a device on the network is compromised with malware, or if the attacker places a rogue device on the network.
Will a penetration test slow down my network or affect my business operations?
Our team takes multiple precautions to ensure that your business operations and network remains fully functional during the penetration test. Our point of contact will maintain open and constant communication to arrange for times when using automated tools and more intrusive tests can be performed.
How often should a penetration test be performed?
While every organization’s needs are different, we generally recommend annual penetration testing to meet the requirements of various compliance standards. These annual tests will reveal any emerging vulnerabilities or hidden threats that could only be identified with thorough, regular, in-depth testing.
Penetration tests should also be performed whenever your network experiences:
Significant software or hardware modifications
Re-architecting of the network infrastructure
Modification of IS policies, procedures, or processes
Penetration Test Deliverable
After each test is performed, we deliver an actionable report containing the following information:
Instructions on Recreating Test Results
Detailed Explanation Findings and Associated Risks
Recommendations for how to address each finding
The report highlights the gaps identified in tests, along with Tanner’s prioritized recommendations for remediating the identified risks. The end result is an improvement in the overall security of the application. Our findings take into consideration the size of the company and the sensitivity of its data when determining the importance and urgency of each recommendation.