Ethical hacking
Whiteshield, a company specializing in IT security, was established by a group of ethical hackers with one common goal in mind; revealing the true nature of the customers' infrastructure from a security perspective. What we aim to achieve is no less than a comprehensive vulnerability assessment through a set of methodological disciplines, including scoped security assessment, penetration testing and even social engineering.
Our expertise lies in delivering professional technical guidance for our clients, so that they may effectively strengthen their systems, thus preventing sensitive information from being compromised through a possible attack.
What is Ethical Hacking?
It is a well known fact that all IT systems are threatened by vulnerabilities as they are discovered in a daily manner.
Planning for and handling these risks is becoming more important than ever for decision-makers.
Consider the possibility of one or more of the following:
- a competitor gaining access to the company database and being able to make modifications to sensitive data
- protected information becoming publicly available for phishing robots lurking around the internet
- a third party, other than the sender and the intended recipient, gaining access to corporate e-mail
- an outsider logging in on the company’s internal network via WiFi nearby in the street
- the company website being re-structured or falsified to bring discredit or mislead visitors
Could it be possible that any of these have already happened? Even worse: what if it is continuously occurring, but simply no one is aware of it? Such incidents may happen more often than one might dare to think. Unfortunately, most victims would not even realize a penetration or permanent stay of a stranger in their system until sensitive information has already leaked, causing unexpected damage to business value.
In short, Ethical hacking is nothing more than a simulation of a real hacking attack. Our experts are equipped with the same set of skills and tools as the malicious hackers are, those who are in the daily news, accused of committing cyber crime.
Our team consists of ethical hackers with expertise in information security. After careful planning and negotiation with the customer, we attack a commonly defined scope of the infrastructure or application in order to reveal possible weaknesses and vulnerable points that could present easy targets to actual unwanted attacks.
Our projects often result in a shocking outcome to the principals. This is why our service consists not only of penetration testing, but we are ready to actively participate in eliminating the security gaps that have been revealed. We offer consultancy and support in refactoring of certain infrastructure or software components and in the phase of specification if requested.
Ethical hacking - what we do
During the assessment we simulate a real hacking attack; we act and think as a malicious attacker would, using similar tools to explore and assess how safe the corporate IT infrastructure is, and what information or data one may gain access to.
Our specialists deliberately seek out all available information online as if the company was a subject to study. Through the eyes of a hacker, a detailed structure is built, technologies and solutions of the customer are explored, security risks and threats are found. Not only do we go through well-known vulnerabilities that are published on the internet, but we explore the update policy and security footprint due to the lack thereof, as well as unintended gaps or results of human negligence. Custom-developed services and solutions are assessed with special care on typical design failures.
Below is a list of deliverables that should be expected at the end of a project:
- Prioritized recommendation list with the steps needed to be taken in order to eliminate all risks and strengthen your systems
- Executive summary to describe the current state and the risks in a non-technical language
- Technical summary on the security gaps for developers and system administrators
- Detailed and itemized report on the assessment
Once again, our primary objective lies not in finding one soft spot to penetrate through and compromise the system, but to uncover each and every brick that came loose to weaken the whole structure, to document these findings and make recommendations on how to eliminate them most effectively.
External vulnerability assessment
The very first phase of each ethical hacking project that we recommend to companies with one or more physical locations is to let us familiarize ourselves with how they appear to the world from outside.
The external vulnerability assessment primarily focuses on how an attack could be carried out from the outside inwards, most commonly reaching down from a seemingly harmless company website to a database server. There are also other types of external connections that fall within the scope of the external assessment, such as leased lines or other private solutions.
The process contains several phases that are typically firmly linked to each other, as in collecting general and technical information on the customer’s networking infrastructure, its installed hardware and software components, system services, network traffic analysis which is followed by an automated vulnerability assessment with specialized targeted software also used by fraudulent hackers. There are always things that are not subject to automation due to their nature, here manual assessments and penetration attempts are made, which we – by the way – love and value the most.
Internal vulnerability assessment
Statistics show that the most devastating attacks are partly or completely committed by the company’s own dissatisfied or angry employees, as they try to push an advantage that they believe to be rightful or just. Their intention is not necessarily to cause effective damage to company value. Curiosity often serves a great motivation as well - accessing sensitive information that should normally remain undisclosed holds out the promise of knowledge and power.
We recommend an internal vulnerability assessment to all our clients who have sensitive information stored on their intranet or internal network, and prefer not to have them accessed by employees without proper roles or authorization.
Assessment of WiFi networks is closely related to the internal vulnerability assessment described earlier, as WiFi networks are directly connected to the local area network (LAN). However, they have a much greater signal coverage than the physical area of the office itself. If a hacker ever successfully gained access to the WiFi network, he would have the same set of rights as a registered internal company user does. He would then have the chance to implement transparent data mining, elevate his level of privilege, or carry on with taking over any of the devices found on the corporate network without anyone ever noticing.
An internal vulnerability assessment takes place locally at the customer’s office with a direct physical link to the LAN. Software functions and services are then picked up and examined to see if they can be exposed, and if so, which roles are affected (e.g. a guest account or an average employee).
Vulnerability assessment of complex web applications
This assessment intends to fit the needs of companies that have custom web applications specially developed or adopted to support their business processes. However commonly used widespread web applications (portal, web shop, utility meter registration, etc.) that carry company value or store highly sensitive data also make a typical subject to assess.
These applications are handled with special care as they literally form the building blocks of the business and render connections and links between the external world and the confidential company environment.
According to Gartner market research, some 75% of all malicious hacking attacks target complex web applications, which is hardly surprising if we consider a couple of basic common sense facts.
Most companies inattentively disperse a considerable amount of semi-public information of a general and technical type, revealing parts of their infrastructure, software solutions they use, and so on. This alone would imply no great threat if the security patches supplied by software vendors were applied in a timely manner. Additionally, most uncovered security holes are published, so that IT service operators and technical analysts would be well aware of the risks that might affect their systems – however they are not the only ones to benefit from this information.
From a malicious attacker’s point of view, a long unpatched or outdated system makes an easy target when the small pieces of disclosed information are pieced together like a puzzle.
Our experts will determine the current application security level, explore the vulnerable points and soft spots with automated tools and manual techniques so that you can rest assured that all risky gaps that need intervention are revealed and classified.
Social Engineering
The human factor is the highest risk of corporate information disclosure. Social Engineering will not exploit vulnerabilities of the IT infrastructure components such as hardware, software or network devices, but the weaknesses of human nature in order to acquire sensitive information. With the help of specially prepared, personalized and structured techniques anyone can penetrate into systems believed to be bulletproof, and can access, modify or even delete sensitive data.
Social Engineering often enables the attacker to bypass installed security toolsets such as firewalls or intrusion detections systems. The naivety of users results in an easy penetration point - these attacks aim that the target persons provide credentials themselves so that the intruders may infiltrate the corporate network.
Our methodology for Social Engineering includes some simple verifications such as the fulfillment of the clear desk policy (e.g. could a visitor get hold of confidential data, passwords printed or noted on clips of paper) and tests on how the users react to the most widespread human attack methods: fraudulent email, chat or attacks over the phone.