Security Assessments

Penetration Tests

Penetration tests are a great way to simulate the presence of a hacker, malicious user or entity aiming to breach an organization's information system.They will identify vulnerabilities present in a system or network that has existing security measures in place.

A penetration test usually involves the use of attacking methods conducted by trusted individuals that are similarly used by hostile intruders or hackers. The results of these tests or attacks are then documented and presented as a report to the owner of the system and the vulnerabilities identified can then be resolved. A penetration test is characterized by a person at a computer behaving as a hacker would, running a series of manual, simulated attacks against your information systems.

Penetration tests are valuable for several reasons:

  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
  • Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  • Testing the ability of network defenders to successfully detect and respond to the attacks
  • Determining the feasibility of a particular set of attack vectors
  • Providing evidence to support increased investments in security personnel and technology

Penetration testing services:

  • External network penetration testing
  • Internal network penetration testing
  • Web application penetration testing
  • Mobile application penetration testing
  • Wireless penetration testing
  • Physical penetration testing
  • Social engineering (includes phishing simulation)
  • Standalone application testing

Digital Forensics

Potech Consulting's experts can retrieve digital information to identify the nature of the crime, the time it was committed and to identify any other parties who were involved in it. Computer data can exist in scrambled or encoded form, unrecognizable to end users. Digital Forensics is increasing in importance for a number of reasons, not the least of which is that computers and the Internet represent the fastest growing technology tools used by cyber criminals.

Digital Forensics aims to identify material of potential interest, acquire it safely so as to avoid contamination both to the item and to the system it came from and preserve the material for repeated later examinations. In relation to regular documents and records, this is achieved by following generally recognized protocols and procedures, creating an audit trail of activities and generally being able to demonstrate continuity of evidence explaining everything that has happened to the evidence.

Potech Consulting’s experts deal with identifying, collecting, analyzing and protecting information residing on information systems that could be used as evidence. Our team of experts have a number of tools at their disposal for dealing with many of the different challenges posed by the proper handling of digital evidence. 

Vulnerability Assessments

Outdated applications, unpatched operating systems, vulnerabilities and misconfigurations, default and generic users enabled…. All of these issues and more can be identified through our vulnerability assessments. It’s the most time efficient method to list major findings and known security weaknesses in large environments, especially the ones storing and processing sensitive information or providing network services for internal and external users. Vulnerability assessments can give a generic evaluation of the examined environment that can be extended to a penetration test later on.

In addition to that, recommendations are proposed to enhance the environment and an action plan is prepared to set the priorities and mitigate the related risks.

IT Infrastructure Security Review

In the past few years, information became a major factor in business models. It is one of the major asset owned by any organization. That is why, threats and attacks targeting sensitive information are increasing on daily basis.

IT infrastructure comprises several components to fulfill the needs of the business and IT operations, whilst others are specially designed to provide security.

Since implementing special security products, tools or systems is far from enough, our “IT Infrastructure Security Review” will check the whole design, each layer and each security level. The goal is to enforce a defense in depth approach through the implementation of  several security layers to protect the environment against attacks and threats.

The assessment covers all areas, from network equipment, mail filter, network communications, LAN topology, remote connectivity to log management and event correlation, network management, etc.

Hardening Procedures

Most networks are protected by multiple security devices to limit unauthorized access to the system. Yet, even with these security measures in place, information system’s components are often still vulnerable to different kinds of intrusions. Thus, system hardening aims to eliminate as many security risks as possible in order to preserve the confidentiality, integrity and availability of the information system.