Black Box:
• Security Auditor has no previous knowledge of the network to be tested.
• Only the company name, office location or the IP address is known.
• Social Engineering: attempts by an Auditor to convince employees to volunteer information such as passwords or access devices that will allow the Auditor to access inappropriate areas of the network.
• Simulates “real world” hacking and attacks by a hacker who has no knowledge of the client’s environment (e.g., production operating systems, applications running, device types and network topology).
White Box:
• Security Auditor is provided with significant knowledge of the remote network:
• Types of network devices (e.g., Cisco gear, TCP/IP),
• Web server details (e.g., Apache/Win2k, Netscape),
• Operating system types (e.g., Windows/Solaris/RedHat),
• Database platforms (e.g., Oracle, MS SQL, MySQL, DB2),
• Load balancers (e.g., Alteon, Cisco),
• Firewalls (e.g., PIX, Checkpoint NG), etc.
• Simulates an attack by an internal hacker who has a detailed knowledge of the client’s network environment.
Non-Destructive:
• Identifies possible vulnerabilities
• Analyzes and confirms findings
• Maps the vulnerabilities with proper exploits
• Exploits the remote system with proper care to avoid disruption.
• Proof of concept provided
• No Denial of Service (DoS) attack is tried
Full Attack:
• Identifies possible vulnerabilities
• Analyzes and confirms the findings
• Maps the vulnerabilities with proper exploits
• All attacks, including Denial of Service (DoS) and buffer overflows, are used.