First Base Technologies

Penetration Testing FAQ


What is "blind" testing? If you would like us to test your firewall as if we were "real" hackers, then you should tell us nothing at all about your installation. This means we have to perform a good deal of undercover work in approaching the hack in the same way a criminal would, using social engineering and even physical break-ins.
What is "informed" testing? We sign a non-disclosure agreement with your organisation and you give us details of your firewall solution - the overall design, the IP addresses, and so on. We are then able to run a variety of tests against your firewall defence, using exploits appropriate to the devices and products actually in use. This gives a thorough and cost-effective result.
What tools do you use? Unless you specifically instruct us otherwise, we use primarily professional, commercial tools to conduct the tests. This ensures that we expose as many vulnerabilities as possible with the minimum risk of disruption to your Internet services. A list of tools which we may deploy is included in every proposal.
What about "real" hacking tools? "Real" hackers will use tools and techniques freely exchanged on the Internet. Although these exploits are contained in the commercial tools we deploy, some clients prefer us to use hacker freeware in addition to the commercial products (for example, to demonstrate denial-of-service attacks). In these situations we ask clients to sign specific waivers in case of damage to their Internet services.
What is vulnerability analysis? Vulnerability scanners provide a good deal of information about poor configuration, design flaws, operating system patches, etc. that is invaluable in securing against attack. This type of information will not be revealed in a conventional penetration test, the sole purpose of which is to break into your system.
What about on-site DMZ testing? We can reveal considerably more weaknesses and configuration errors in your firewall configuration if we can address it from inside your organisation as well as from across the Internet. We can also review your firewall management procedures, change control and firewall policy. If your firewall is managed by a third party or hosted at a remote site, we will also give you valuable information about the service provided by that third party.
What sort of report will I get? Our reports give you a concise, plain-English summary of any vulnerabilities we have found, together with a measure of their severity and the potential impact on your organisation. The technical section of the report gives details of the vulnerability, what it means to your security should a hacker exploit it, and where to get a fix to resolve the problem. Finally, a detailed log of every element of the tests is appended, as an audit trail of the work that was carried out.
What about continued assurance? Many clients ask us to provide regular tests, both via the Internet and on-site. Our pricing policy offers discounts to clients ordering quarterly or monthly tests. Some clients also take advantage of skills transfer from our staff, to conduct their own regular tests between our periodic independent reviews.

Want more information?

  • Phone Andy on +44 (0)1273 45 45 25


© 2001-2008 First Base Technologies - All Rights Reserved.
Webmaster: Didi
