Penetration Testing
We can conduct Penetration tests on your vessels in order to identify any vulnerabilities of the infrastructure on board.
We offer the following types of Penetration testing:
External Testing
In an External Penetration test, we perform a vulnerability scan of your company’s externally-facing (public) systems, manually verify issues, and exploit issues.
External Testing simulates an attack on a target company’s servers and devices which are externally visible (visible from the internet). This type of test determines if an outside attacker can get into the network, and if so, how deeply into the system they can breach. An external penetration test attempts to break into domain name servers (DNS), web servers, email servers, and get through firewalls.
Internal Testing
During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases, and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes and review the discovered vulnerabilities. We include ones marked as “Low” or “Informational,” as well as manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.
Internal Testing simulates an attack from within an organization, carried out by an authorized user with some level of access privilege, such as an angry employee or someone acting as a “corporate spy.” This test is from within the boundaries of the firewall, as is good for determining the security of intellectual property, customer lists and other business information that needs to stay on premises even when an employee leaves.