BLU3's
objective will be to
provide an assessment of the site's
external/internal security profile
of networked computer systems and
intrusion detection capabilities.
Remote System Penetration service:
Including remote identification of
security targets, port scanning of
identified targets, entry attempts
to those services, and several
optional denial-of-service tests.
Enterprise System Penetration service:
A full security audit, performed
both on site and via Internet,
covering public exposures and a
broad range of infiltration and
penetration techniques. BLU3
Technologies will evaluate your
network for you and then assist in
resolving any vulnerability found.
We fully document any exposures we
discover during our audit. In
addition, we document each of the
alternative means of eliminating
those vulnerabilities and assist you
in selecting among various
alternatives. Finally, we work with
you to close these exposures and
then test again to verify that the
fixes are effective.
Organizations are increasingly aware
that controlled security
vulnerability testing is a major
element in identifying exposures and
ensuring that a hostile party does
not exploit them. The objective of
penetration testing is of course to
investigate the system from the
attacker's perspective. The primary
aim is to identify exposures and
risk before seeking a solution.
Network Penetration Testing:
BLU3's
network penetration test will be
conducted in four phases:
- Network Mapping
- Vulnerability Testing
- Exploitation
- Reporting
Network Mapping:
BLU3
outside research will obtain much of
the required information regarding
the site's network profile, such as
IP address ranges, telephone number
ranges, and other general network
topology through public information
sources such as Internet
registration services, web pages,
and telephone directories. More
detailed information about the
site's network architecture will be
obtained through the use of domain
name server (DNS) queries, ping
sweeps, port scans, and connection
route tracing. Informal inquiries,
not linked to BLU3 research, may
also be attempted to gather
information from users and
administrators that could assist in
gaining access to network resources.
Once this general network
information is compiled and
analyzed, BLU3 will begin
identification of individual system
vulnerabilities.
Vulnerability Identification:
During
this phase, BLU3 will attempt to
associate operating systems and
applications with identified
computers on the network. Depending
upon network architecture, this may
be accomplished using automated
tools, such as NMAP and ISS, or
using manual techniques, such as
telnet, ftp, or sendmail login
banners. Using this information,
BLU3 will create a list of probable
vulnerabilities associated with each
potential target system. Also, at
this point, automated scripts will
be developed or compiled to attempt
exploitation of vulnerabilities.
Exploitation:
During this phase, system and user
information will be used to attack
the authentication processes of the
target systems. Example attack
scenarios in this phase include, but
are not limited to: buffer
overflows, application or system
configuration problems, modems,
routing issues, DNS attacks, address
spoofing, share access and
exploitation of inherent system
trust relationships. Potential
vulnerabilities will be
systematically tested in the order
of penetration and detection
probability as determined by the
members of the BLU3 penetration
testing team. The strength of
captured password files will be
tested using password-cracking
tools. Individual user account
passwords may also be tested using
dictionary-based, automated login
scripts. In the event that an
account is compromised, BLU3 will
attempt to elevate privileges to
that of super user, root,
or administrator level.
Since
the goal of BLU3 testing is to
determine the extent of
vulnerabilities, and not simply
penetrate a single site system,
information discovered on one system
may be used to gain access to
additional systems that may be
"trusted" by the compromised system.
Additionally, host-level
vulnerabilities may be exploited to
elevate privileges within the
compromised system to install
"sniffers" or other utilities. BLU3
will maintain detailed records of
all attempts to exploit
vulnerabilities and activities
conducted during the attack phase.
Reporting:
BLU3
will provide an on-site briefing of
results. These results will also be
documented in a management-level
report provided to the site
management team. Specific details
on vulnerabilities will also be
provided to site technical personnel.
Additional Services: Dial-In
Testing / Remote Access Review:
Many
organizations rely on dial-in
systems and virtual private network
(VPN) access, perhaps for traveling
personnel or for office contact.
Some also use dial-out for Internet
access.
Dial-in and remote access testing
covers both these systems and
embraces a number of distinct tests
(including modem testing and
war-dialing). We check for
vulnerabilities and common
misconfigurations that can be used
to gain access to your networks,
perform denial of service attacks,
or gather sensitive information.
Testing is performed both remotely
and onsite to probe your internal
network for security
vulnerabilities, known software
bugs, configuration problems, and
unnecessary network services.