Penetration testing for your Networks and Websites
As a business owner / Manager, it is crucial that you take all possible steps to secure your business, both from external threats and internal threats, but the issue is WHAT ARE THOSE THREATS??
This where Purple Triangle can help. We provide a wide range of testing both complaince and penetration testing. We will find the vunerabilities in your system so that remidial action can be taken to shore up your defences against them.
See below for some of the tests we can perform.
Here are 6 use cases for an Nmap scan (if this all gobbledygook to you, dont worry, thats why we are here, call us on 02476 320788 today for a chat)
- Determine status of host and network based firewallsUnderstanding the results from the online Nmap scan will reveal whether a firewall is present.
- Test Firewall Logging and IDSLaunch remote scans against your infrastructure to test that your security monitoring is working as expected. Review firewall logging and Intrusion Detection System alerts.
- Find Open Ports on Cloud based Virtual ServersIn 2016 thousands of MongoDB databases were compromised and data leaked due to the server being configured to listen on the Internet facing Interface. Using Purple Triangle services it is possible to quickly identify a host firewall with holes or services poorly configured.
- Detect Unauthorized Firewall ChangesWhen your firewall rule base changes require change board approval. A scheduled Nmap Port Scan can quickly determine firewall changes that have not been through the change approval process.
- Not all Firewalls work well with IPv6As IPv6 gets deployed it is important to understand whether the IPv6 interface has the same level of protection as the existing IPv4 addresses. Many virtual servers (VPS) are deployed with IPv6 enabled by default. Have you checked yours?
- Troubleshoot Network ServicesYour getting pushed to roll out the new service. The network guys are saying its not their problem, and the firewall administrator is pointing the finger at the developers. Sometimes you just need to know if the port is open and listening.
Here are 5 use cases for the Domain Profiler Tool
- Internal Operations Team
- Check the results of this analysis against internal asset lists. Quickly find gaps in the assets or forgotten systems. Staff turnover in many organizations can lead to orphaned systems that are Internet facing and no longer maintained. Asset management systems should be aware of these systems, but sometimes they slip through the cracks.
- Incident Response
- Whether you are chasing down a major incident (DFIR) or simply in need of contextual information around a domain for alert triage. This is a tool that will surely save time during the analysis or investigative process.
- Penetration Testers
- The first stage of any penetration testing engagement is to compile open source intelligence into a picture of the target. Using OSINT methods allows a great deal of information to be collected without sending any packets to the target. This is known as passive information gathering.
- Business Intelligence
- Detailed open source information reveal technologies and third party service providers of an organizations. This can benefit a number of different investigative processes including competitive analysis. The key here is the fact that the information is from open sources, with zero impact to the target.
- Bug Bounty Hunters
- The passive nature of the information discovery, allows bug hunters (and other attackers) to quickly find systems that may be worth spending time assessing for vulnerabilities. A bounty hunter with a list of programs (domains) can submit a list of targets and watch the results come into their email box, quickly reviewing each to find easy wins.