Datasheet. BT Security Ethical Hacking. Network Vulnerability Assessment.
Our ethical hacking services help you to determine your actual security posture together with remediation advice to mitigate associated risks. Let us help you identify vulnerabilities in your network infrastructure before cyber criminals do.
Our approach.
We have developed our own standardized methodology for carrying out ethical hacking vulnerability assessments for network infrastructures.
Our methodology is based on industry standards, such as NIST (National Institute of Standards and Technology) and PTES (Penetration Testing Execution Standard), along with our own checklists, many years of experience, client requirement documents, our own best practices and other well-known references from publicly available resources such as forums, technology bulletins, bug navigators, vendor knowledge bases, hacker communities and the wider internet.
The first step is to determine the scope of your testing requirement. Depending on your preference we can perform an interview or share our questionnaire with you. Based on the answers, we may issue an ethical hacking agreement together with a statement of work which describes the scope, deliverables, pre-requisites and associated pricing.
After approval from you, we start the ethical hacking vulnerability assessment. During the vulnerability assessment, you will be notified via a status update report about the progress. After the actual testing has been performed, we will issue a preliminary report. Within 10 days, we will present all identified vulnerabilities in a final report. Once we have issued the final report to you, you have 10 days to review and request any changes. Any requested changes will be discussed. Upon agreement, the final report will be updated and re-issued. If no changes are requested during this timeframe, the report shall be considered final and the project completed.
The reporting of identified vulnerabilities and recommendations (status updates and final report) is based on our Ethical Hacking Centre of Excellence's (EHCoE) own process and templates. In order to guarantee high quality output, all deliverables go through a peer and document quality review.
Vulnerability Assessment. Network vulnerability assessment services, delivered by our Ethical Hacking Center of Excellence, identify vulnerabilities in external and internal networks, network services, network protocols, network convergence solutions as well as network systems and devices. This assessment may also cover VPN technologies, with testing activities that include gaining access, traffic manipulation, authentication manipulation and data analysis.
The testing will include, but will not be limited to, the following types of systems:
• router(s), load balancers, proxy appliances and switches.
• firewalls and/or other screening devices.
• mail servers (SMTP, POP3 and IMAP).
• web, name and file servers.
• desktops and network multifunctional devices.
• network attached storage and management appliances.
• IP cameras, DVRs and other video communication appliances.
• WAN optimization and management appliances.
• other IP connected systems which are identified during the testing.
During the testing, our ethical hacking consultants start by attempting to learn about your network architecture, determine the devices and services available on your network and identify as much information about these targets as possible using publicly available sources such as InterNIC, ARIN, DNS records and hacker sites.
After collaborating with your technical team to ensure that the actual testing can be performed without impacting operations, our ethical hacking consultants will begin scanning for vulnerabilities. Our ethical hacking consultants will test all TCP and UDP services and ports. Packet fragmenting and loose-source routing may be used in an attempt to bypass filtering routers and firewalls.
Both commercial tools and EHCoE internally developed tools and scripts are used during the testing.
After both automatic and manual testing for vulnerabilities, a verification of identified vulnerabilities will be performed to remove any false positives.
Optional Penetration Testing. After we finish the vulnerability assessment activities, we may, on your request, attempt to exploit the identified vulnerabilities. The ultimate goal for this step is to demonstrate the consequences of vulnerabilities if exploited by an attacker. This phase may consist of the following steps:
• Gaining access to the targeted systems through software exploitation or configuration issues.
• Privilege escalation including credential extraction.
• Evaluating any data retrieved from the attack (social security numbers, personally identifiable information, bank account details, corporate information).
• Investigating whether hacking tools can be uploaded and installed on the target host.
• Pivoting as an ultimate step to understand overall business impact of successful exploitation of an identified vulnerability.
The results. During the testing, we will immediately report any critical and high risk vulnerabilities identified via a status update report. When the testing has been completed, you will receive a formal report that will contain:
• A detailed explanation of the testing activities that have been completed and the methods used by us to determine the results.
• A listing of all identified vulnerabilities of your internet presence with a ranking of their level of risk based on the Common Vulnerability Scoring System (CVSS), the ease with which they can be exploited, and mitigating factors.
• An explanation of how to mitigate or eliminate the vulnerabilities including enhancement of your policies, adoption of industry best practices, changes to security processes and enhancement to your internet presence.
Within 10 days after the conclusion of testing, we will present all identified vulnerabilities to you in a final report.
Other consulting services. Next to our ethical hacking services we have consulting services to assist you with the mitigation of identified vulnerabilities. In particular, when mitigation requires you to redesign your current network infrastructure, implement other types of technology, review or enhance your security policy, it is good to know that BT has the knowledge to help you.
“These Ethical Hacking services are not only delivered to our customers to protect their interests, but also used to protect the BT brand every day.”
Les Anderson, Vice President Cyber & Chief Security Officer BT.