Network Intrusion Test

Knubje

Knubje

Knubje

Soldato
Joined
5 Jun 2008
Posts
6,240
Location
Portsmouth/Fareham
Hi all,

I work for a private bank as a system admin and have been asked about performing intrusion tests on our internal/external networks.

Not being very good with my network skills yet; I am looking at possibly getting a company or group of certain individuals to assist on this matter of cracking down on security.

Does anyone have any useful information about how I can go about this and who maybe the 'right' people to talk to?

Any help is much appreciated! Thanks!
 
~Hi

Let me know your external IP and any Domain / Enterprise Admin details and I will happily probe your banking network - Also any SQL sa or root user password would also help with my testing......;):D:p

You could also try looking at running NMAP from an external source or try grc.com to run a low level port scan...

Rob:cool:
 
There are loads of companies that do this sort of work, finding someone good is the problem. I'll try and dig out the name of a company we used a while back...
 
Sp00n said:
Shieldsup used to be a reasonable starting point.
Click to expand...

Nowhere near I'm afraid.

If you're serious about doing real penetration testing on either applications or networks, then you need to be talking to specialists. We use KPMG and one other firm (can't remember their name - I'll get it tomorrow), and they're not cheap. Think thousands+ for a couple of week's work. If you're a bank, this is the sort of level you need to be thinking at. Doing a simple nmap is pretty much meaningless - people are going to put a lot more effort into cracking a bank as the rewards are so much higher.

http://www.kpmg.co.uk/services/ras/t/internet_security.cfm
 
lol, as others have said, running nmap yourself really isn't going to cut it! and to be blunt about it, i can't believe a bank doesn't already have these bases covered! i've had involvement with nta monitor, irm and peapod. i've also worked on a firewall implementation project with a guy who used to head up the testing team at insight (part of siemens) although he has moved onto pastures new. i can find out who he is working for now and put you in touch if that would help? are you on linkedin?
 
Last edited:
growse said:
Nowhere near I'm afraid.

If you're serious about doing real penetration testing on either applications or networks, then you need to be talking to specialists. We use KPMG and one other firm (can't remember their name - I'll get it tomorrow), and they're not cheap. Think thousands+ for a couple of week's work. If you're a bank, this is the sort of level you need to be thinking at. Doing a simple nmap is pretty much meaningless - people are going to put a lot more effort into cracking a bank as the rewards are so much higher.

http://www.kpmg.co.uk/services/ras/t/internet_security.cfm
Click to expand...


That company seem very professional and look like ideal candidates.

Do you have any idea on who the other company was that you recommended?
 
Knubje said:
That company seem very professional and look like ideal candidates.

Do you have any idea on who the other company was that you recommended?
Click to expand...

Well it is KPMG (one of the largest consultancy groups in the world), you'd expect them to be professional. They will be good but they will also be horribly expensive - then again, banks are exactly the market they're targeting and they'll have experience of working with them.

A good bet if you can afford it, I seem to have lost the name of whoever we worked with a while back, will have a dig through my archive later if I have a moment.
 
Thanks very much for your help guys.

It turns out that one of our associates have used RMPG and obviously did a very good job.

I will make recomendations and nothing will probably come of it, but at least I tried :)
 
You must log in or register to reply here.
Back
Top Bottom