Mitnick's Security Services
External Network Penetration Testing
External Network Penetration Testing
Any device with access to the Internet is a potential open door to would-be hackers. Mitnick Security Consulting provides vulnerability assessments during which it closely maps the network architecture, examines all open ports, hosts and services with access to the Web, and ensures that these network devices are secure. Mitnick Security Consulting gathers information such as domain names, IP network ranges, operating system and applications, to identify systems on the network, how they are related, the services that are exposed through open ports (such as http, SMTP, terminal services, etc.). Once open ports and attached services are identified, Mitnick Security Consulting determines whether each service has been updated with the most recent patches and identifies other vulnerabilities located within the exposed services.
In addition to conducting vulnerability assessments, Mitnick Security Consulting performs more rigorous penetration tests in which the information gathered from its assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network.
Following all vulnerability assessments and penetration tests, Mitnick Security Consulting uses the information it gathers to prepare a thorough vulnerability analysis and offers recommendations for strengthening network security.
Internal Network Penetration Testing
While outside threats must be guarded against, business must also protect against potential threats from within their own networks. Using many of the same techniques and procedures for Internet Security Testing, Mitnick Security Consulting provides Intranet risk assessment and analysis to protect against the potential threat posed by insiders.
Depending on the client’s needs, intranet testing can be performed by Mitnick Security Consulting under varying degrees of disclosure of network information from the client, for example with or without network accounts.
Web Application Assessment
This assessment examines what services are being offered on Web-based portals and e-commerce applications to examine potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. Mitnick Security Consulting can test these applications using either zero-knowledge testing or full-access testing to examine the full range of potential vulnerabilities. Mitnick Security Consulting also conducts source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web.
Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. Mitnick Security Consulting evaluates how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, Mitnick Security Consulting examines the enterprise infrastructure for unencrypted or standard WEP enabled access points that may be vulnerable in order to ensure the security of the network.
Social Engineering Assessment
Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. Mitnick Security Consulting is the premier consulting firm in its ability to identify weak links in the security chain through exploitation of human vulnerabilities.
Mitnick Security Consulting’s principal, Kevin Mitnick, is widely recognized in the industry as the foremost authority on the topic of social engineering. His book The Art of Deception: Controlling the Human Element of Security offers an authoritative examination of potential threats posed by social engineering attacks. Mitnick Security Consulting leverages its unparalleled expertise in this field to expose what is often the weakest link in the information security apparatus: the human element.
Once individual or systemic weaknesses are identified, Mitnick Security Consulting recommends procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment not only uses tactics intended to gain confidential information, but also to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information.
VOIP & Telecommunications Assessment
Mitnick Security Consulting has unique experience testing vulnerabilities in private bank exchanges that operate company voicemail and messaging systems. Unauthorized access to these systems can allow an intruder to eavesdrop on and manipulate employee voicemail messages, initiate outgoing calls from internal company lines, and access corporate telephone networks and directories.
Physical Security Testing
Access to confidential information can often be obtained by simply gaining physical access to company premises. Mitnick Security Consulting conducts on-site surveillance to assess physical security and uses social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system.
In addition to preventing future attacks, Mitnick Security Consulting can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion.
Mitnick Security Consulting provides training seminars to IT professionals and employees with access to sensitive information to better educate them about the risks of social engineering and how to prevent themselves from falling prey to ruses posed by competitors or malicious intruders. These seminars are dedicated to preventing human error from undermining an otherwise robust information security infrastructure.
Employee Background Checks
Your employees are your front line in protecting your intellectual property from those who shouldn't have access to it. However, if you haven't explored the history of your employees, they may very well be the people you don't want accessing your most important data. Your company must also be aware of the current trend of "negligent hiring" claims being made around the country. In the case where an employee does harm to a client, another employee, or a business associate, your company could be held liable if you failed to perform the proper background checks before hiring them.
Mitnick Security Consulting can help provide you the information you need to make the correct hiring decision, protecting both your company and your data.
Mitnick Security Consulting can investigate documented intrusion attempts in to your network and situations where data was actually compromised. Through investigation, you can find the source of the attack, techniques used, and how to correct these flaws. While it is always best to stop attacks before they happen, it is important to investigate any possible compromise of your intellectual property.