Synergon System Integrator
Ethical Hacking

Ethical security testing is performed by our experts in coordination with the customer and in accordance with the customer’s requirements in each case. Its objective is to explore the security loopholes and inadequacies in the customer’s system.

Ethical hacking steps 

Social engineering 

Its objective is to collect information on the customer's system through different channels. Many people think that intrusions into a computer network originate in system errors exploited by intruders. In reality, however, the security of a system is threatened not only by errors in its technical components but also by inadequacies in the other elements that make up the system. Human resources and physical security are such elements. Information gained through human resources quite often helps the attacker avoid security barriers such as firewalls or intrusion detection systems. The credulity or lack of alertness of computer users often facilitates an easy intrusion into a protected system, even when the attacker has no authorized access at all.

Technical information technology testing 

The technical security check, comprising the following activities, is performed on the basis of the information gained through social engineering.

External intrusion testing 

In external intrusion testing, a simulated attack is performed against the customer's network, mainly aiming to explore any system errors. The testing is intended to use tools that are accessible to anyone, so that the generality of the test is ensured. Continuous contact is maintained between the representatives of the two companies in order to coordinate certain points. The testing can be divided into several stages, such as mapping investigation, passive exploration, general low-risk testing, and specific high-risk testing.

Synergon Information Systems Plc. keeps a journal of each point of the tests performed, so that events can be traced exactly during occasional control tests in the future. The test results are interpreted, and the interpreted material handed over covers not only the problems and inadequacies found but also the solutions to them. The test results are also handed over as appendices to the document, including the recommendations required for correction.

Internal system testing

In this testing, Synergon Information Systems Plc.’s experts aim to map the system and its vulnerable points from inside the customer’s internal system. An unauthorized intruder attacking from outside either stops after a successful intrusion or starts a systematic mapping. Synergon Information Systems Plc. starts the system testing with knowledge of the basic system, since an external attacker may come across any kind of information and employees may also have extensive information.

Unfortunately, a significant proportion of attacks originates from within the company’s own network. In the course of the testing, information is therefore gathered from the internal network, taking into consideration that the tested network is an internal one. Although the smooth running of internal work must also be respected, everything is tested in a systematic manner, which may require a relatively long time because of the broad scope or the systems in use. External testing concerns only a couple of machines that are under complete supervision, while devices located on an internal LAN are often subject to less strict requirements.

Server and network resource testing

This phase carries the lowest risk of all the testing. The implemented network is scrutinized together with a review of the entire documentation. The work is based on personal consultation: Synergon Information Systems Plc.’s experts visit the site and inspect the settings of certain software. This requires the constant presence of an expert on the customer’s side who has adequate knowledge of the system, and who has the rights and authorizations to provide information on the use of the devices under inspection and to give the required authorization to the person performing the testing. As a result of the testing, documentation is compiled on the condition of the system(s) together with recommendations for modifications. The testing only makes recommendations and does not modify the system unless authorized to do so in writing. The testing result can be compared to the system documentation and provides a good basis for a procedural audit. The testing mainly covers firewalls, servers and routers but, upon request, workstations as well.

You can acquire more information about our solutions by contacting us.