Network test is a method of evaluating the security of the current state of the network, including internal and external security evaluation.
At Kéntro., we use a precisely planned procedure to identify and prioritize the most susceptible elements of your network in our penetration testing methodology. The main goal of a network penetration test is to find exploitable vulnerabilities in networks, network devices, systems, and hosts so that they can be fixed before a hacker can discover and exploit them.
We comply with all major IT security testing guidelines
Our team of professional experts employs the best security standards in the industry.
Penetration testing methodology
Kéntro. employs globally approved and industry standard frameworks in every network penetration test it performs. The framework is based on industry standard guidelines like the Penetration Test Execution Standard (PTES) and the National Institute of Standards and Technology (NIST) at a minimum, but it goes much further.
This involves vulnerability scanning, which includes examining the output of various security tools, as well as manual testing procedures. A network vulnerability assessment involves a variety of tasks such as:
- Network threats must be identified, prioritized and quantified.
- Checks for security control.
- Analyze network defenses against network-based attacks such as local privilege attacks, network intrusion, port scanning, and brute force attacks, among others.
The information collected will include a list of all SSIDs and MAC addresses that are in range. Also, before scheduling the project, a list of all places and structures at this testing stage is compiled.
- Site inspection.
- Unauthorized access attempts.
- Post-authentication
We provide a full network analysis and executive summary with appropriate remedial actions when our assessment is complete.
Customer scope/target information will be obtained after the project starts. This information will be included in a firewall configuration review:
- IP addresses and URLs for the firewalls in scope.
- Read-only administrator-level credentials.
- Any required access information (for example, VPN credentials)
The objective of this methodology is to use a security audit to assess the security of an organization’s network devices and find weaknesses.
- IP addresses of systems/Servers in scope.
- Read-only administrator-level credentials (all settings configured without the ability to modify them).
- Any required access information (for example, VPN credentials).
After starting the project, scope/target information will be collected from the client. In the case of a router configuration review, this information will include:
- Configuration files of routers in scope.
- Any additional requirements.
Black box evaluation
Information Gathering
Configuration tests
Data validation tests
Implement test management
Gray box evaluation
Authentication tests
Authorization tests
Session Management Tests
Input validation tests
Business logic tests
White box evaluation
Used tools
We use industry benchmark security testing tools on each of our IT infrastructures based on business and technical requirements.
Below are some of the many tools we use:
