PAGE 2 OF 27 2016, Caretower Ltd v3.6
Table of Contents
1. Caretower Security Services
2. Services Offered By Caretower
2.1 Black Box Internal or External Network Vulnerability Assessment
2.2 White Box Internal or External Network Vulnerability Assessment
2.3 Grey Box Internal or External Network Vulnerability Assessment
2.4 Black Box Internal or External Network Penetration Test
2.5 White Box Internal or External Network Penetration Test
2.6 Grey Box Internal or External Network Penetration Test
2.7 Web Application Penetration Test
2.8 Mobile Application Penetration Test
2.9 Application Source Code Reviews
2.10 Web Application Training
2.11 Social Engineering Security Assessment
a. External (Remote) Social Engineering Security Services
b. Internal (Onsite) Social Engineering Security Services
2.12 Physical Security Risk Assessment
2.13 Phishing Attack Awareness Online Training
2.14 Social Engineering Awareness Training Onsite
2.15 Red Team Assessment
2.16 Wireless Grey Box Network Test
2.17 Host Build Security Audit
2.18 Firewall Security Auditing
3. About Caretower
1. Caretower Security Services
Caretower’s security services help businesses identify vulnerabilities in their security defences
and provide a recommended action plan for remediation, based on industry best practices.
Caretower will assume the role of an external or internal attacker and attempt to circumvent
security controls to gain access to the company’s target network or application.
Caretower takes a vendor-neutral approach to developing solutions that meet customer
business requirements for scalability, reliability, performance, security, timeline and budget,
with an emphasis on delivering maximum results and return on investment.
All services offered by Caretower help customers to have reliable and secure infrastructure
and applications. The Caretower testing services are performed against the scoped
infrastructure and/or application across a variety of systems, depending on the scope,
such as: Web, E-Mail Servers, Web Applications, Database servers, Remote Access
Gateways, Network devices, DNS servers etc.
Based on the selected service we will be looking into (but not limited to):
1. Missing operating system security patches.
2. Missing security patches from third party products.
3. Unsupported and outdated software.
4. Weak password policies in various services.
5. Server and host misconfiguration issues.
6. Social media exposure of the target company.
7. Proper network segmentation.
8. Secure application deployment.
9. Logical network access control implementations.
10. Perimeter Security.
11. Remote Administration.
12. DNS Segmentation.
2. Services Offered By Caretower
Caretower offers a wide portfolio of security services. Our security tests are performed by
experienced penetration testing specialists who have a wealth of knowledge in diverse IT
disciplines including policy, design, implementation and development. Caretower offers the following test services:
1. Black Box Internal or External Vulnerability Assessment
2. White Box Internal or External Vulnerability Assessment
3. Grey Box Internal or External Vulnerability Assessment
4. Black Box Internal or External Network Penetration Test
5. White Box Internal or External Network Penetration Test
6. Grey Box Internal or External Network Penetration Test
7. Web Application Penetration Test
8. Mobile Application Penetration Test
9. Application Source Code Reviews
10. Web Application Training
11. Social Engineering Security Assessment
a. External (Remote) Social Engineering Security Assessment Services
b. Internal (Onsite) Social Engineering Security Services
12. Physical Security Risk Assessment
13. Phishing Attack Awareness Online Training
14. Social Engineering Awareness Training Onsite
15. Wireless Grey Box Network Test
16. Host Build Security Audit
17. Firewall Security Auditing.
18. Red Team Security Assessment.
Note: All services to a certain extent are customisable.
2.1 Black Box Internal or External Network Vulnerability Assessment
A Black Box External or Internal Network Vulnerability Assessment service is a
semi-automated process of proactively identifying security vulnerabilities of computing systems in
the target network infrastructure in order to determine if and where a system can be
exploited and/or threatened. Caretower make use of various manual verification tests and
deliver a report free of false positives, with no prior knowledge of the systems or
infrastructure in place. While applying this approach, the penetration tester will be assessing
the network infrastructure from a remote or onsite location and will not be aware of any
technologies deployed/used by the target organisation.
Note: Black Box Vulnerability assessment typically refers to the assessment of systems that
are connected to the Internet but can also refer to system audits on internal networks that
are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
By purchasing a Black Box External or Internal Vulnerability Assessment, the client will receive the following service:
1. Discovery
Identify network topology of target company.
Identify/enumerate active company hosts through probing/port scanning.
Identify operating system using passive and active fingerprinting techniques.
Identify type of service per active host.
Gather information from social media associated with the target company (only
for external test).
Identify target company external or internal network attack surface.
2. Test Activities
Perform vulnerability verification using manual testing methods.
Ensure minimal to no impact on the hosts.
No Distributed Denial of Service/Denial of Service attacks will be performed.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
False positive identification of the findings.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.2 White Box Internal or External Network Vulnerability Assessment
A White Box External or Internal Network Vulnerability Assessment service is a
semi-automated process of proactively identifying security vulnerabilities of computing systems in
the target network infrastructure in order to determine if and where a system can be
exploited and/or threatened. Caretower make use of various manual verification tests and
deliver a report free of false positives. White Box external or internal vulnerability assessment
occurs when external or internal attempts are made to check on vulnerabilities and
adherence to policies and procedures of the target company, with the full assistance of the client.
Note: Vulnerability assessment typically refers to the assessment of systems that are
connected to the Internet but can also refer to system audits on internal networks that are
not connected to the Internet in order to assess the threat of rogue software or malicious
employees in an enterprise.
The client in this situation would be obliged to provide us with the following information:
1. Information about the business model organisation, in order to build appropriate
threat models.
2. Network diagrams with detailed external or internally exposed attack surface.
3. Technical documentation describing technologies used by the infrastructure.
4. External or internal user credentials of users with different privilege levels.
By purchasing an External or Internal Vulnerability Assessment, the client will receive the following service:
1. Discovery
Identify/enumerate active company hosts through probing/port scanning.
Identify operating system using passive and active fingerprinting techniques.
Identify type of service per active host.
2. Test Activities
Perform vulnerability verification using manual testing methods.
Ensure minimal to no impact on the hosts.
No Distributed Denial of Service/Denial of Service attacks will be performed.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
False positive identification of the findings.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.3 Grey Box Internal or External Network Vulnerability Assessment
A Grey Box External or Internal Network Vulnerability Assessment service is a semi-automated
process of proactively identifying security vulnerabilities of computing systems in the target
network infrastructure in order to determine if and where a system can be exploited and/or
threatened. Caretower make use of various manual verification tests and deliver a report free
of false positives. Caretower will be assessing the client’s network with some prior knowledge
of the systems or infrastructure in place. In this situation the client is obliged to provide us
with an IP range and the type of the services each host has.
Note: Vulnerability assessment typically refers to the assessment of systems that are
connected to the Internet but can also refer to system audits on internal networks that are not
connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
By purchasing an External or Internal Vulnerability Assessment, the client will receive the
following service:
1. Discovery
Identify/enumerate active company hosts through probing/port scanning.
Identify operating system using passive and active fingerprinting techniques.
Identify type of service per active host.
2. Test Activities
Perform vulnerability verification using manual testing methods.
Ensure minimal to no impact on the hosts.
No Distributed Denial of Service/Denial of Service attacks will be performed.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
False positive identification of the findings.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.4 Black Box Internal or External Network Penetration Test
Black Box External or Internal Network Penetration Testing occurs when external or internal
attempts are made to securely penetrate network systems and defences to identify entry
points and vulnerabilities with no prior knowledge of the systems or infrastructure in place.
While applying this approach, the penetration tester will be assessing the network
infrastructure from a remote or onsite location and will not be aware of any technologies deployed/used by the target organisation.
Note: Black Box Internal Network Penetration Testing refers to system audits on internal
networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
By purchasing a Black Box External or Internal Network Penetration Test, the client will
receive the following service:
1. Discovery
Identify network topology of target company.
Identify/enumerate active company hosts through probing/port scanning.
Identify operating system using passive and active fingerprinting techniques.
Identify type of service per active host.
Gather information from social media associated with the target company
(only for external or internal penetration test).
Identify target company external or internal network attack surface.
2. Test Activities
Vulnerability verification using manual testing methods to identify false
positives.
Run publicly available exploit code against the vulnerable targets, in a safe and
secure manner.
Ensure minimal to no impact on the hosts.
No Distributed Denial of Service/Denial of Service attacks will be performed,
unless explicitly requested by the customer.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.5 White Box Internal or External Network Penetration Test
White Box External or Internal Network Penetration Testing occurs when external or internal
attempts are made to securely penetrate network systems and defences to identify entry
points and vulnerabilities with prior knowledge of the systems or infrastructure in place. White
Box external or internal Penetration Testing occurs when external or internal attempts are
made to check on vulnerabilities and adherence to policies and procedures of the target company, with the full assistance of the client.
Note: White Box Internal Network Penetration Testing refers to system audits on internal
networks that are not connected to the Internet in order to assess the threat of rogue software
or malicious employees in an enterprise with full knowledge of the company systems e.g.
frustrated system administrator etc.
The client in this situation would be obliged to provide us with the following information:
1. Information about the business model organisation, in order to build appropriate threat models.
2. Network diagrams with detailed external or internally exposed attack surface.
3. Technical documentation describing technologies used by the infrastructure.
4. External or internal user credentials of users with different privilege levels.
By purchasing a White Box External or Internal Network Penetration Test, the client will
receive the following service:
1. Discovery
Verify/Enumerate active company hosts through probing/port scanning.
Identify operating system using passive and active fingerprinting techniques.
Identify/Verify type of service per active host.
2. Test Activities
Identification/Verification of the true external or internal attack surface of the
Target Company.
Vulnerability verification using manual testing methods.
Run publicly available exploit code against vulnerable targets, in a safe and
secure manner.
Ensure minimal to no impact on the hosts.
Assess external or internal user access against company security policies.
Abuse external or internal user access, by attempting to circumvent company
security controls and policies.
A security assessment of the network design and topology.
No Distributed Denial of Service/Denial of Service attacks will be performed,
unless explicitly requested by the customer.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
Prioritized vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
A full risk assessment of the external or internal client will be included in the
penetration test report.
Assess current practice against industry best practices and provide detailed
remediation plan.
An assessment of the network design/topology will be included in the report.
An assessment of the external or internal user access will be included in the report.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.6 Grey Box Internal or External Network Penetration Test
Grey Box Internal or External Network Penetration Testing occurs when external or internal
attempts are made to securely penetrate network systems and defences to identify entry
points and vulnerabilities with some prior knowledge of the systems or infrastructure in place.
In this situation the client is obliged to provide us with an IP range and the type of the services
each host has.
Note: Grey Box Internal or External Network Penetration Testing refers to system audits on
internal networks that are not connected to the Internet in order to assess the threat of rogue
software or malicious employees in an enterprise.
By purchasing a Grey Box External or Internal Network Penetration Test, the client will receive the following service:
1. Discovery
Verify/enumerate active company hosts through probing/port scanning.
Identify operating system using passive and active fingerprinting techniques.
Identify/verify type of service per active host.
2. Test Activities
Perform vulnerability verification using manual testing methods.
Run publicly available exploit code against vulnerable targets, in a safe and
secure manner.
Ensure minimal to no impact on the hosts.
No Distributed Denial of Service/Denial of Service attacks will be performed.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.7 Web Application Penetration Test
A Web Application Penetration Test is a method of evaluating the security of a Web
Application by methodically validating and verifying the effectiveness of application security
controls. A web application security test focuses only on evaluating the security of a web
application. The process involves an active analysis of the application for any weaknesses,
technical flaws, or vulnerabilities. Any security issues that are found will be presented to the
system owner, together with an assessment of the impact, a proposal for mitigation or a
technical solution.
By purchasing a Web Application Penetration Test, the client will receive the following service:
1. Discovery
Analyse the Web Application Structure.
Understand the Web Application Design.
Understand the Web Application Business Logic.
2. Test Activities
Perform automated web application scan.
Perform vulnerability verification using manual testing methods.
Perform extensive manual Web Application security testing.
Run publicly available exploit code against vulnerable targets, in a safe and
secure manner.
Try to circumvent application security controls.
Try to circumvent application business logic.
Perform security tests against OWASP top 10 risks.
Ensure minimal to no impact on the hosts.
No Distributed Denial of Service/Denial of Service attacks will be performed.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2, OWASP top 10 scoring system and CVE numbers to
categorize the identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.8 Mobile Application Penetration Test
Whether your custom applications have been developed in-house or commissioned through a
third party, time constraints and a lack of awareness around security best practice can often
result in an application that puts the integrity and confidentiality of your data and systems at
risk of compromise.
We provide a thorough security analysis of both common off the shelf and custom applications.
Our security assessment specialists will examine and assess all the key components of the
target application and where appropriate supporting infrastructure. Attention is also focused
on how the application components are deployed and communicate with both the user and
server environments.
By purchasing a Web Application Penetration Test, the client will receive the following service:
1. Discovery
Analyse the Mobile Application Structure.
Understand the Mobile Application Design.
Understand the Mobile Application Business Logic.
2. Test Activities
Perform automated mobile application scan.
Perform automated scan to the web component of the mobile application.
Perform vulnerability verification using manual testing methods.
Perform extensive manual mobile application security testing.
Run publicly available exploit code against the target system, in a safe and
secure manner.
Try to circumvent web component security controls.
Try to circumvent web component business logic.
Try to circumvent mobile application security controls.
Try to circumvent mobile application business logic.
Perform security tests against OWASP Top 10 risks.
Perform security tests against OWASP Mobile Top 10 risks.
Ensure minimal to no impact on the web component.
No Distributed Denial of Service/Denial of Service attacks will be performed.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.9 Application Source Code Reviews
A Source Code Review identifies the types of vulnerabilities only a software architect,
developer, or tester would know. Before beginning a source code review, our consultants gain
a thorough understanding of your application as well as its purpose, background, environment
and framework to best identify key areas of focus.
Note: The service to a certain extent is customisable.
Our Consulting Team brings together many years of experience in software testing and
architecture; therefore, once onsite, we can easily take a look at your application's architecture
and immediately understand how it is intended to work; what the design implications are;
what the application's strengths and weaknesses are; and, most importantly, determine risk
appropriately.
By purchasing a Web Application Penetration Test, the client will receive the following
service:
1. Discovery
Analyse the Application Structure.
Understand the Application Design.
Understand the Application Business Logic.
2. Test Activities
Perform Static and Dynamic code analysis.
Perform manual code tracing and automated testing to locate interfaces and
review sanitisation of any data input or output.
Perform extensive manual Web Application security testing by authenticated
and unauthenticated.
Further manual analysis will be performed to identify sections of code
vulnerable to issues such as format string errors, race conditions, memory
leaks, buffer overflows, integer overflows or command injection points.
Code will be verified for general cryptographic errors that could affect the
confidentiality and integrity of data.
A review will be carried out to test the protection measures for sensitive data
storage.
Manual examination will be performed on the protection mechanisms for the
network traffic.
Try to circumvent application security controls.
Try to circumvent application business logic.
Ensure minimal to no impact on the hosts.
No Distributed Denial of Service/Denial of Service attacks will be performed.
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
Prioritised vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2, OWASP top 10 scoring system and CVE numbers to
categorize the identified vulnerabilities.
The report includes the PCI DSS pass score for each vulnerability identified.
Assess current practice against industry best practices (PCI DSS, OWASP,
ISO/IEC 27002:2005) and provide detailed remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.10 Web Application Training
Caretower provides in-house training for interested groups and companies. All of our training
is designed for web developers, network administrators and security professionals who
are looking to develop practical, real-world offensive security and penetration testing skills.
How to test SSL vulnerabilities
Session Fixation vulnerabilities and testing demos and recommendations on
proper defense.
o Session Fixation with phishing attacks
Cross-Site Request Forgery testing demos and recommendations on proper defense.
o GET Cross-Site Request Forgery
o POST Cross-Site Request Forgery
Cross-Site Scripting testing demos and recommendations on proper defense.
o Reflective Cross Site Scripting.
o Stored Cross Site Scripting.
o DOM Based Cross Site Scripting.
SQL injection testing demos and recommendations on proper defense.
o Error Based SQL Injection.
o Blind SQL Injection.
o Obfuscated SQL Injection.
Clickjacking testing demos and recommendations on proper defense.
Combined attack demos and recommendations on proper defense.
o Clickjacking and Cross-Site Request Forgery.
o Clickjacking and Cross-Site Scripting.
o Cross-Site Scripting and Open Redirects.
Recommendations on proper encryption use in web application.
2.11 Social Engineering Security Assessment
Caretower Social Engineering Security Assessment Services involve simulating real-world
attacks to provide a current view of vulnerabilities and threats to a client environment. These
"human-based" attacks consist of impersonating a trusted individual in an attempt to gain
information and/or access to information or the client network infrastructure.
Key Features
1. Allow you to test the effectiveness of your security awareness training programs, or
lay the foundation for creating one.
2. We agree specific, measurable test objectives tailored to test specific policies and
processes within your organization.
3. We use a range of techniques including persuasion and reverse social engineering to
gain entry to your site.
4. We use different resources to gather information, including corporate website, public
search databases, jobsites, dumpster diving, public venues and physical access.
5. Final deliverable is a detailed report about the policies that were tested, and the
results of each attempt.
The following types of social engineering security attacks can be scoped and added to an
existing engagement:
a. External (Remote) Social Engineering Security Services
The external or internal social engineering security assessment(s) will begin with passive
internet reconnaissance that includes using publicly available sources, such as websites, search
engines, and DNS records. Caretower security consultants gather relevant information about
the company and employees available on the Internet such as employee names, titles, phone
numbers, and email addresses. This information will be useful when conducting the more
active social engineering security services below:
Phone-based Social Engineering Security Services: Utilizing information in the
reconnaissance phase, and impersonating a trusted individual, Caretower will make
phone calls to individuals within the organisation. The objective of these calls will be
to induce the users to divulge sensitive information over the phone in violation of
company policy.
Targeted Email "Phishing" Attack Social Engineering Security Services: Emails will be
sent to individuals and groups within the organisation in order to attempt to entice
the user to click on an external or internal link that will either attempt to gather
sensitive information or deliver a malicious payload onto their desktop system which
could include browser and operating system buffer overflows, Trojan horses and
keystroke loggers.
b. Internal (Onsite) Social Engineering Security Services
The internal social engineering security services will begin with passive Internet
reconnaissance that includes using publicly available sources, such as websites, search
engines, and DNS records, to gather relevant information such as employee names, titles, phone numbers, and email addresses:
Malicious Portable Media Social Engineering Security: USB Flash drives and CD-ROMs
with enticing labels such as "Payroll" will be left in public areas such as hallways,
restrooms and break rooms. The media will contain simulated malicious code that will
attempt to grab sensitive host information such as the network configuration, list of
running processes and a password hash dump.
Physical Security Assessment services: Caretower security consultants will perform a
high level assessment of physical security controls including:
1. Examine threats to the building
2. Identify good and poor practice
3. Access Controls Around IT Assets
4. LAN Jack Access Controls
During the course of this service, the delegates from Caretower will go through various processes to cover the main areas required for basic physical protection:
We will conduct reconnaissance of the security at the site, and then carry out a
number of penetration tests which will offer a reasonable impression of the level of
security at the building. If one is successful we will attempt to covertly gain access to
other parts of the building and attempt to gain access to sensitive information.
We will carry out checks to see how security conscious staff are at their workstation.
This will involve unlocked pedestals, drawers, access to cupboards and sensitive
information.
It should be noted that our techniques are typically non-destructive and any
potentially destructive techniques would only be attempted with the customer’s
explicit permission. Our approach may include one or more of the following:
o “Tailgating”, impersonating client or service personnel, and creating and
utilizing counterfeit badges or physical tokens in order to leverage social
engineering attacks and gain entrance to facilities.
o Attempting to photograph, record, or otherwise document sensitive material
within the client controlled environments, particularly environments
constructed to protect sensitive information.
o Removal of physical assets in settings where the flow of business is not
obstructed, but where the occurrence of such demonstrates a significant
information security risk (all assets are returned at the conclusion of the test).
2.12 Physical Security Risk Assessment
The Physical Security Risk Assessment is suggested for organisations looking for a base level
cyber security test where IT is a business enabler rather than a core deliverable. The main
objective of the risk assessment is to determine that your organisation has effectively
implemented the controls required to secure the physical area in order to defend against
the most common and unsophisticated forms of physical attacks.
Caretower’s Physical Security Risk Assessment Services involve simulating real-world attacks
to provide a current view of threats to a client environment. These "human-based" attacks
consist of impersonating a trusted individual in an attempt to gain information and/or access
to information or the client network infrastructure.
During the course of this service, the delegates from Caretower will go through various processes to cover the main areas required for basic technical cyber protection:
Inspecting the site location and the current security measures in and around the site
location.
o Perimeter security: Outer fences to determine their suitability and distance
from the building. All possible entrances and exits (including vehicle and
pedestrian entrances). Lighting will be assessed.
o Operational security: Visiting/guest procedures of the operating company
and the appropriateness of information retention and information recorded.
Access to data racks and procedures for access.
o CCTV and monitoring systems: Coverage of CCTV units and alarms to ensure
that they cover all entrances/exits and that they work at night. Access to
these will also be assessed to ensure that they can only be accessed by
authorised staff, and if operated over the Internet, that appropriate security
controls have been put in place. Alert procedures to be assessed.
o Access control: Suitability of doors and biometric/card/physical key access to
areas, and creation and revocation of access. Security of the systems that
control physical access.
o Audits and logging of access: Auditing and logging of access control systems
and the security controls of this data. Storage of CCTV files, access to these.
o Personnel security: Vetting and rotas of cleaners, security guards,
maintenance staff, and 3rd parties of the data centre suppliers.
Review the current security policies and procedure documents.
Interviewing the personnel responsible for IT assets and for the site locations.
Provide evidence such as photos and video recording in the case of security risk
identified during the assessment.
Note: This involves going through the self-assessment questionnaire with the clients, covering the above-mentioned areas, and verifying them.
2.13 Phishing Attack Awareness Online Training
Social engineering and Phishing awareness training can be provided through computer-based training (web based online) which enables employees to take training from any location.
It contains short modular videos, allowing employees to complete training in multiple
sessions as time permits.
Training topics can be tailored to address specific audiences.
Language options offer consistent training across your entire organisation regardless
of geography.
Two online quiz questions to test learner comprehension.
Can provide completion reports, which allow you to track completion for compliance
reporting purposes.
Note: This service can be customised as per the customer’s requirement.
2.14 Social Engineering Awareness Training Onsite
Social engineering and phishing awareness training onsite can be provided after the results of
social engineering security assessment(s) which enable employees and IT staff to review their weaknesses and areas of improvement.
This course will help you and your team understand how phishing attacks work, what
tactics cyber criminals employ, and how to spot and avoid phishing campaigns.
Alert your employees to the risks of clicking on links that can harm your organisation.
Reduce your risk of a cyber-attack due to social media tricks and phishing scams.
Educate and enlighten your employees to the risks of harmful links and attachments.
Know how to identify a phishing scam and equip others to avoid a scam if they see
one.
Educate the internal IT team with regards to how to react in real time in case of social
engineering attacks.
Note: This service can be customised as per the customer’s requirement.
2.15 Red Team Assessment
Red Team assessment is suggested for clients who would like to test their robustness
against a real-time cyber-attack. The cyber threats to an organisation can come from multiple
sources, such as criminal groups, political activists, competitors and hacktivists, and can even
come from ex-employees who have inside knowledge.
By purchasing a red team assessment, the client will receive the following:
Key Features:
Dedicated team of 3 or more experienced ethical hackers will be working on this
project.
This assessment can be open scope or objective oriented scope.
Replicates a real attacker's approach of compromising the client’s IT infrastructure.
Open source intelligence gathering about the company and its employees.
Perform external network reconnaissance and attacks.
Perform Web application penetration test if necessary.
Perform external social engineering attacks that includes targeted spear phishing and
phone phishing.
Perform internal social engineering attacks.
Perform site surveillance and physical security assessment attacks.
Use a covert method to enter the office and plant a rogue device on the network.
Perform wireless network attacks if required, in order to achieve the objective of the
assessment.
Benefits:
Identifies the weakest link of the organisation’s current security defence.
Measures the security awareness among the employees and technical team.
Measures the effectiveness of the current security control products such as AV,
firewall, IDS, IPS etc.
Knowledge transfer of where detection and response could be improved.
Provides a detailed report with remediation guidance for all issues identified.
Note: This service can be customised as per the customer’s requirement.
2.16 Wireless Grey Box Network Test
Grey Box Wireless Network Penetration Testing occurs when attempts are made to securely
penetrate network systems and defences to identify entry points and vulnerabilities with some
prior knowledge of the systems or infrastructure in place. In this situation the client is obliged to provide us with an IP range and the types of services each host has.
By purchasing a Grey Box Wireless Network Penetration Test, the client will receive the following service:
1. Discovery
Verify/enumerate active company hosts through probing/port scanning.
Identify operating system using passive and active fingerprinting techniques.
Identify/verify type of service per active host.
2. Test Activities
Perform vulnerability verification using manual testing methods.
Run publicly available exploit code against vulnerable targets, in a safe and
secure manner.
Perform Segmentation check between WLAN and LAN.
Identify rogue access points.
Exploit potential wireless Man in the Middle attacks.
Test wireless encryption and misconfiguration issues.
Denial of Service attacks will be performed. (Optional).
High risk vulnerabilities will be reported during testing.
3. Reporting
Generate an executive summary to confirm the date of the test and IP address
ranges tested.
Include a summary report of vulnerabilities identified by host.
Perform supplemental research and development activities to support
analysis.
Prioritise vulnerabilities based upon the ease of exploit, level of effort to
remedy and severity of business impact.
Make use of the CVSSv2 scoring system and CVE numbers to categorize the
identified vulnerabilities.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
2.17 Host Build Security Audit
A host build security audit gives an insight into possible security issues on the
sample hosts that the company provides to Caretower on the day of testing.
Activities that will be carried out during the tests are mentioned below.
1. Discovery
Analysis of the host and the current security policies.
Verify type of services active on the hosts.
Identify the applications running on the hosts.
2. Test Activities
Assess current practice against industry best practices (Center for Internet
Security).
White box methodology will be incorporated while performing the
vulnerability assessment.
Perform supplemental research and development activities to support
analysis.
Prioritise vulnerabilities based upon the ease of exploit, level of effort to
remedy, and severity of impact if exploited.
3. Reporting
Generate an executive summary to confirm the host details.
Include a summary report of vulnerabilities identified on the sample hosts.
Delivery report includes Caretower findings, analysis, and recommendations.
Assess current practice against industry best practices and provide detailed
remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity
of the findings.
Transfer knowledge through post engagement activities.
2.18 Firewall Security Auditing
Firewall security auditing is a mandatory task for any corporate environment: a single
erroneous rule in a firewall configuration could have a devastating impact on the risk level of
the organisation. Caretower offers a firewall auditing service to help businesses maintain a
secure network.
Firewalls are the first line of defence for the business network, examining an endless stream
of network traffic against a set of established rules. Over time, the exponential growth in web
applications, e-commerce, communication tools, and networked business applications has led
to a similar exponential growth in the complexity of firewall rules.
In a typical organisation today, a single firewall may be configured with thousands of rules to
define network access policies and allowed services.
By purchasing a Firewall Audit, the client will receive the following service:
1. Discovery
Analysis of the host and the current security policies.
Verify type of services active on the Firewall.
Understand network design and layout (if necessary).
2. Test Activities
Retrieve and analyse firewall configuration information.
Map network interfaces to network zones.
Analyse the firewall against the organisation’s access policies (detect
violations, highlight compliance levels).
Find unused, duplicate and redundant rules (configuration optimisation)
Assess current practice against industry best practices and provide detailed
remediation plan.
3. Reporting
Generate an executive summary to confirm the host details.
Include a summary report of vulnerabilities identified on the Firewall.
Delivery report includes Caretower findings, analysis, and recommendations.
Provide detailed remediation plan.
4. Post Engagement Activities
Perform follow up conference calls and/or meetings explaining the severity of
the findings.
Transfer knowledge through post engagement activities.
3. About Caretower
Why Caretower?
As an independent IT security specialist, Caretower provides comprehensive solutions to individual problems, thus allowing our recommendations to be unbiased. Over the years, Caretower has quickly established many long-standing relationships with all of our vendors, achieving the highest status within these organisations based on the level of expertise within our internal sales, support and professional services teams. This relationship ensures we provide our customers with key changes within the industry which assists in their on-going security management strategy.
Following over 10 years of consistent business growth, Caretower has reached the position of market leader in network security and protection. With a capacity to design and implement business-ready solutions and a management team committed to customer satisfaction, we have fortified our position as one of Europe’s leading value added resellers.
Caretower has always believed that service and support are the keys to a strong relationship with our customers and this has ensured that we not only supply our security products, but also offer additional services such as onsite demonstrations, installations, training, audits and health checks.
Accreditations and Membership
As one of Europe’s leading I.T. Security Specialists, we are committed to providing a high standard
of Penetration Testing and as such have achieved numerous accreditations and memberships of
professional organisations including the following:
Want to find out how we can help support and protect your business?
Speak to your dedicated Caretower Account Manager today or you can call/e-mail:
0208 372 1000 / [email protected] / www.caretower.com