A remote host-assessment assesses the security level of the network infrastructure via the Internet. Qbit’s ethical hackers test whether, as outsiders, they can gain unauthorised access your systems and/or information.
The basis for the remote host-assessment or penetration test is the identification of operating systems and services on the hosts, and the extent to which these hosts are vulnerable for publicly known exploits. A remote host-assessment gives an impression of what the security level of the network infrastructure is as seen directly from the Internet. More specific, a remote host assessment will answer the question whether the firewall (if present) is correctly configured, and the publicly accessible services like www, e-mail, and others are in order from a security perspective. In other words, is the patch level of the host correct, is the host correctly configured and doesn’t the hosts contain publicly known vulnerabilities.
First Qbit determines the security level of selected hosts mainly using automated tools like Nmap, Nessus, Metasploit, et cetera. This gives a good impression of what script kiddies – using easily obtainable tools to scan your network for publicly known vulnerabilities – can accomplish. After this Qbit’s ethical hackers verify the vulnerabilities and start testing manually. This means that they will combine vulnerabilities, look for new vulnerabilities to compromise the security of the internet perimeter. Various publicly available (hacker) tools are used to assess the security level of the selected hosts more thoroughly. This step is aimed at revealing security-issues (if any) an experienced hacker (so-called ‘überhackers’) should be considered capable of discovering (and using) too.
Qbit’s uses a black and/or grey box approach for the remote host-assessment or penetration test. With a black box approach our ethical hackers have no information about design and operations of the network infrastructure. With a grey box approach our ethical hackers have limited knowledge about the network infrastructure like a user account or the network topology.
Qbit provides a written report, consisting of the standard report generated by the various tools, supplemented with a (concise) report summarizing significant findings and recommendations.
Benefits of a remote host-assessment
- Find out if your internet perimeter is hackerproof.
- Insight in level of security and real vulnerabilities.
- Practical and feasible recommendations.