 SIFT is an "Australian Government Endorsed Supplier" of information security and information risk management services.
Penetration Testing
The vast majority of computer 'attacks' target Known Vulnerabilities. While these vulnerabilities may have been identified for weeks or months, slow response and a lack of awareness often result in systems being vulnerable for extended periods of time.

While it is very hard to protect against being the first site where a vulnerability is discovered, this is a rarity. Protecting against known vulnerabilities requires a policy of awareness and action, and a consistent procedural approach.
SIFT's security testing services can provide:
- A view of the likely approach taken by a malicious user with minimal information about the organisation, to identify potential weak points.
- Identification of the organisation's systems likely to be subject to Internet-based attack.
- Assessment of the resilience of network components to common attack methods used from the Internet.
Our technical team have extensive experience in customising security testing to client environments. SIFT's security testing services cover the six domains of security testing:
- Internet Security: Network Reconnaissance, Port Scanning, Services Identification, System Identification, Vulnerability Scanning, Vulnerability validation, Web Application Testing, Firewall/Router Review, IDS/IPS Review
- Information Security: Competitive Intelligence Scouting, Privacy Review, Document Grinding (Analysis of publicly available company information)
- Wireless Security: Wireless Networks Identification & Testing
- Communications Security: PBX Testing and Configuration Assessment, Voicemail Testing, Modem Connection Reconnaissance and Assessment, VoIP Deployment Reconnaissance and Testing
- Social Engineering: Request and Guided Selection Testing, Trusted Persons Testing
- Physical Security: Access Controls Testing, Monitoring Review, Alarm Response Review, Location Review, Environment Review
Methodology
SIFT's security testing methodologies are based on local and international security standards and guidelines. These include:
- Open Source Security Testing Methodology Manual (OSSTMM)
- AS/NZS ISO/IEC 27001:2006 - Information technology - Security techniques - Information security management systems – Requirements
- Center for Internet Security (CIS) Windows, *Nix and network device benchmark standards
- US National Security Agency (NSA) Security Guidelines
- US National Institute of Standards and Technology (NIST) Special Reports (including Guideline on Network Security Testing)
- Microsoft Security Guides
- Open Web Application Security Project (OWASP) Guide to Building Secure Web Applications and Web Services
SIFT penetration tests are conducted using the most current and well-regarded vulnerability assessment tools, along with custom developed scripts and manual refinement. SIFT is not committed to products from any one vendor, but rather uses "best of breed" tools - the same tools a true attacker would use. Where necessary, our technical staff can develop custom exploit code in an attempt to thoroughly test the security standing of a site.
SIFT uses these standards and tools as a framework for our analysis, while the analysis process adheres fully to our Technology Risk Assessment (TRA) methodology.
For testing specific to individual technology components, please see:
For more information regarding Penetration Testing, please contact us.
SIFT Team Delivering 3 Presentations at Ruxcon!
21 Nov 08
The Ruxcon information security conference is once again being held in Sydney on the 29th to the 30th of November. The not-for-profit conference is regarded throughout Australia and the world as one of the leading information security research events.
SIFT in 2008 BRW Fast 100
20 Nov 08
In the second half of 2008, SIFT was recognised for our rapid and consistent growth through inclusion in the 2008 BRW Fast 100.