Q: Dial-in RAS (Remote Access Services) Penetration Testing (War Dialing)

The features It is an external penetration test by searching for a phone number that is open to a modem that connects to a corporate network (War dialing), which may be either authorized or hacked. This is an important point that many organizations do not consider because it is a technology that has been used for a long time, but if the use is not properly controlled, it can also be used as a channel that intruders can use to penetrate the internal network. Drilling is a test that tests your system via a modem. Using this technique can test all corporate phone numbers in just one day. If can find a phone number to open the modem service, then the test program will randomly name the user and password to penetrate the internal network. So if there is an inappropriate password, there is a chance that the intruder will be able to intrude into the internal network. Benefits for the organization Organizations will be aware of vulnerabilities in remote access systems via their modems that is possible to be hacked by an intruder. It has included a risk level report which contains impacts on the organization, advice on improving security levels and drill test guidelines on how to perform in the future.

Q: Web Application Penetration Testing

The features Enterprise applications are considered to be one of the most important systems in the present, because the system is being used mostly for business and corporate sites (corporate website), and also as a system that is connected to the Internet all the time. If intruders can easily penetrate a system of Web-based enterprise applications, it’s likely the intruders can have the access to the internal network. So it is considered one of the most vulnerable systems. So before you put your web application system on production or after a system modification, you need to first test your system to identify potential or emerging vulnerabilities. Penetration testing of Web applications will be based on the guidelines of the OWASP (Open Web Application Security Project) where determines the top ten vulnerabilities of Web app in action as a loophole that was used in the most of affected systems. Benefits for the organization Organizations will be aware of vulnerabilities in web application that is possible to be hacked by an intruder. It has included a risk level report which contains impacts on the organization, advice on improving security levels and guidelines on how to perform the test in the future.

Q: Wireless Network Penetration Testing

The features It tests the wireless network in your organization, whether wireless network is strong enough to prevent intruders from outside or it is weak. Because wireless networks are unable to determine the exact extent of the signal just like a typical network. This makes it possible for intruders to access the internal network. Also, unauthorized access to the local area network is still an important channel intruders use to access internal networks. Therefore, the testing of the wireless network must consist of the following methods: Explore the wireless network (War Driving) to find unauthorized wireless devices. Test the wireless network by penetrating the key to enter the wireless network (WEP Key). Test by capturing user name and password for wireless network login. Benefits for the organization Organizations will be aware of vulnerabilities in their wireless network that is possible to be hacked by an intruder. It has included a risk level report which contains impacts on the organization, advice on improving security levels and guidelines on how to perform the test in the future.

Question 1

Dial-in RAS (Remote Access Services) Penetration Testing (War Dialing)

Accepted Answer

The features

It is an external penetration test by searching for a phone number that is open to a modem that connects to a corporate network (War dialing), which may be either authorized or hacked. This is an important point that many organizations do not consider because it is a technology that has been used for a long time, but if the use is not properly controlled, it can also be used as a channel that intruders can use to penetrate the internal network. Drilling is a test that tests your system via a modem. Using this technique can test all corporate phone numbers in just one day. If can find a phone number to open the modem service, then the test program will randomly name the user and password to penetrate the internal network. So if there is an inappropriate password, there is a chance that the intruder will be able to intrude into the internal network.

Benefits for the organization

Organizations will be aware of vulnerabilities in remote access systems via their modems that is possible to be hacked by an intruder. It has included a risk level report which contains impacts on the organization, advice on improving security levels and drill test guidelines on how to perform in the future.

Question 2

Web Application Penetration Testing

Accepted Answer

The features

Enterprise applications are considered to be one of the most important systems in the present, because the system is being used mostly for business and corporate sites (corporate website), and also as a system that is connected to the Internet all the time. If intruders can easily penetrate a system of Web-based enterprise applications, it’s likely the intruders can have the access to the internal network. So it is considered one of the most vulnerable systems. So before you put your web application system on production or after a system modification, you need to first test your system to identify potential or emerging vulnerabilities. Penetration testing of Web applications will be based on the guidelines of the OWASP (Open Web Application Security Project) where determines the top ten vulnerabilities of Web app in action as a loophole that was used in the most of affected systems.

Benefits for the organization

Organizations will be aware of vulnerabilities in web application that is possible to be hacked by an intruder. It has included a risk level report which contains impacts on the organization, advice on improving security levels and guidelines on how to perform the test in the future.

Question 3

Wireless Network Penetration Testing

Accepted Answer

The features

It tests the wireless network in your organization, whether wireless network is strong enough to prevent intruders from outside or it is weak. Because wireless networks are unable to determine the exact extent of the signal just like a typical network. This makes it possible for intruders to access the internal network. Also, unauthorized access to the local area network is still an important channel intruders use to access internal networks. Therefore, the testing of the wireless network must consist of the following methods:

Explore the wireless network (War Driving) to find unauthorized wireless devices.
Test the wireless network by penetrating the key to enter the wireless network (WEP Key).
Test by capturing user name and password for wireless network login.

Benefits for the organization

Organizations will be aware of vulnerabilities in their wireless network that is possible to be hacked by an intruder. It has included a risk level report which contains impacts on the organization, advice on improving security levels and guidelines on how to perform the test in the future.