The Threat: social engineering security risks
- Could a social engineer trick your staff into divulging sensitive information?
- How security aware are your staff?
- Do you have a human firewall?
How do you answer these questions?
The Issues: Why do I need social engineering testing?
Criminal hacking is no longer a purely technical activity. As awareness of technical
security issues and their countermeasures has improved, attackers are increasingly employing other
methods to circumvent security controls - such as exploiting unsuspecting users. The approach of
purchasing individual "silver bullet" solutions like firewalls, IDS and IPS must be replaced by
an holistic view of security that embraces technology, physical controls and people too.
Staff awareness of social engineering is often particularly weak, leaving most
organisations open to abuse both remotely and in person. Covert attacks such as key loggers are on the increase but most
organisations have no way to detect them because users simply do not know what to look for.
In today's environments, people are the most important factor in securing
your organisation. But how security aware are they? How do you test your "human
firewall"?
The Solution: First Base Technologies' Social Engineering Team
Over the past fifteen years, our consultants have conducted numerous penetration
tests for some of the largest organisations in the world. We have developed a unique approach, combining real-world criminal methods and tools to
test the technical, physical and social aspects of your security. We call this Blended Attacks - a service that tests the strength of your
human firewall as well as your technology.
Our report will highlight the cultural and psychological vulnerabilities in your organisation and provide you with detailed
recommendations for improvement. Our findings can also form the basis for a security awareness campaign fully tailored to your business, and reveal
key areas in which your policies could be refined, ensuring that your organisation really is as secure as possible.
To complete the work, we will deliver an end-of-project review meeting at your premises, to discuss our findings and
recommendations and answer any outstanding questions you may have.
| Identity theft | We impersonate an employee or trusted third party, such as a cleaner or contractor. We gain access to your premises and attempt to steal legitimate logon credentials, using snooping techniques and devices such as key loggers. |
| Phishing attacks | We craft e-mails that appear to come from within your organisation or trusted partners, in order to deceive your staff into divulging information. This may involve constructing a web site that mimics your legitimate site, or creating a Trojan program to gain access to their desktops. |
| Telephone calls | We can test your help desk security by attempting to persuade them to divulge information or reset remote access passwords. We can target employees to encourage them to divulge confidential or sensitive information. We may also use telephone social engineering to obtain background research for other types of attack. |
| Physical access | We attempt physical access to one or more of your sites to test your physical security. We impersonate an employee, delivery person or visiting engineer - using background research we forge name badges and wear appropriate clothing. We also try to gain access to secure areas such as comms rooms and executive areas. |
| Network access | Whilst on site, we attempt to connect to your network, perhaps in a meeting room or at a vacant desk. We conduct a network mapping exercise and also try to harvest sensitive or confidential information. |
Every test is carried out by one or more (depending on the scope) highly trained
professionals. Their findings are reviewed by a senior technical member of staff and the final report,
which can be in a format tailored to your requirements, is inspected by a partner before being sent to you.
Once you've received your report, we provide an in-depth discussion of our findings to
ensure that the vulnerabilities and solutions are relevant and properly understood. We will also
provide support and advice in the future.
We can also assist you in producing training and awareness campaigns.
Thus, at First Base Technologies, we pride ourselves on ensuring that we are with
you every step of the way in attempting to secure your organisation from a social engineering attack.