Ethical Hacking
Positioning: targeted hacking to order from
the perspective of an attacker with the skill level of a hacker/cracker.
Ethical hacking is the most extreme form of
technical security testing. On the basis of a precisely formulated
remit from the client, our security consultants attempt to gain
electronic access to the target system (components in the DMZ or
LAN/WAN). Unlike in a penetration
test, where an attempt is also made to penetrate the test
object, in ethical hacking the test object is actually modified
(which may have legal consequences). Depending on the remit, the
same information channels as hackers use are employed before the
actual attacks (e.g. social engineering, dumpster diving, footprinting
and fingerprinting). The majority of the work is brainwork, i.e.
the scope for using tools is limited.
Because the quality and informativeness of this activity
depend directly on the parameters, including the project budget
available, we agree before the project begins how much time is to
be devoted to ethical hacking and what methods are allowed.
Finally, the procedure, the results achieved and the recommended
countermeasures to eliminate security vulnerabilities are comprehensively
documented in an OSSTMM-compliant manner.
OneConsult GmbH is an ISECOM
Licensed Auditor (ILA), Gold Level, and our security consultants
are ISECOM certified in various areas of expertise (OPST = OSSTMM
Professional Security Tester, OPSA = OSSTMM Professional Security
Analyst, OSSTMM-Trainer), guaranteeing that the tests will be thorough
and professional and that documentation of the results will be informative
and comprehensive.
Possible procedure

The project is carried out in line with individual requirements
and best practices. For this reason, the actual project phases may
differ from those shown above.
Remarks
- Our Security Consultants know and understand the methods and
tricks that hackers use.
- We only test systems that are under the client's direct control.
- Depending on the remit, our security consultants will also use
test trojans developed specifically for the task (e.g. OneConsult®
Pandora PRO).
- In ethical hacking, the client normally defines the objective
(e.g. saving a predefined file on a server in the LAN or WAN or
remotely administering a PC in the LAN via the Internet), but
not the way it is to be achieved. From a hacker or tester's perspective,
all that is needed is a single security vulnerability that he
can use for his purpose. We will not search for any other security
vulnerabilities that may have the same or even higher potential
to cause damage. To optimize the cost/benefit ratio, we recommend
combining the strengths
of the various test types.
If you're interested in OneConsult and you'd like a no-obligation
consultation or more information, please contact
us.