Penetration Test/Testing (in Greece)

You are reading this unit about Penetration Test or Testing in Greece because you are searching for one of the following: a check for network, domain or eshop vulnerabilities.

If you are looking for any of the above, in this unit you will read, in simple words, about the options that the expert team of TicTac can provide to meet your needs:

  • Information systems & cyber resources security check
  • Penetration Test
  • Penetration Testing
  • Network vulnerabilities check & security gaps highlight
  • Website vulnerabilities check & security gaps cover
  • Eshop vulnerabilities check
  • Security Audit
  • Domain Network Security Check
  • Network security gaps detection

What is a Penetration Test?

In simple words, a Penetration Test gives you the opportunity to learn through which security gaps you could be attacked by a malicious action. Detecting vulnerabilities is only the beginning, since the issues detected by our experts then have to be solved and covered.

The purpose of the security check service for your domain is:

  • Reporting the security gaps and the ineffective processes
  • Checking (deeply or not) the security systems
  • Evaluating the effectiveness of the security solutions that your domain already has

What kind of dangers does a business environment have to deal with?

Every business environment or organization is based on its computer systems, internal or external, and on ensuring that the internal domains (local network, servers, backups, shared resources etc.) or the external resources (website/eshop) are safe and protected against external attacks.

However, in most cases, security gaps increase every day, while technicians’ knowledge of such issues is limited, since they do not know all the vulnerabilities they have to manage.

Nowadays, there are IT experts who specialize in security gaps (Cyber Security Experts). In collaboration with the existing staff or the external partners of your business, they can detect many more security gaps and check against more serious and demanding standards, to show you the risks you have to deal with and where you have to focus.

Ransomware incidents and cyber attacks (external cyber-attacks) have multiplied in the last few years, and they can cause financial damage to a business. It is no coincidence that many companies had to pause their business because they could not recover after a cyber-attack that cost them all their data.

Which types of “checks” exist?

The TicTac team offers the following domain security checks:

  • Ransomware vulnerabilities check
  • Internal Network Penetration Test
  • WiFi Penetration Test
  • Website / Eshop security check
  • VOIP PBX Penetration Test
  • On-Site / Off Site Penetration Test

Checks can be scheduled based on the hours and days you are available, so as not to disturb the everyday flow of your business. Contact us to arrange an appointment, where our security technicians will inform you which check applies to your domain.

Available packets for Security Audit from TicTac Data Recovery:

Below you can find some of the most common packets of security checks for small & medium companies or organizations, offered by TicTac:

Packet 1: CHECKLIST FOR RANSOMWARE

The following checks/actions are included:

  1. Patch level – patching policy applied
  2. Domain: Are all the systems part of a domain with policies about limited user rights?
  3. Proxy: Does anyone use a proxy for Internet access?
  4. UTM solutions, firewall, IDS/IPS that are used
  5. Antimalware use (enterprise antivirus + endpoint security)
  6. Backup policy

Received after the check: Risk evaluation report, which will include the level of readiness to deal with a Ransomware attack – rating depending on the category – final/completed rating

Cost (approximately): from 400 + VAT, depending on the level of detail (e.g. simple interview or configuration check too?)

Packet 2: EXTERNAL CHECK (Penetration Test)

The following checks/actions are included:

  1. Penetration Test: detection of active communications, resources and protocols
  2. Scan and detection of vulnerabilities in systems, software, active services, and communication protocols
  3. Detection of information in the network, systems and services, which could be used for further attacks by malicious web users
  4. Web applications check for possible vulnerabilities, such as execution of malicious commands or code, breach of access control and authentication mechanisms, data breach, insufficient security configuration and use of malicious software

Received after the check: Risk evaluation report, which will include the following:

  • List of findings regarding weaknesses and vulnerabilities, ordered by criticality
  • Explanation and analysis of each finding
  • Possible means of attack and availability of factors for each weakness
  • Consequences for the business and its services
  • Possible/available ways to deal with the findings

Cost (approximately): from 700; the cost depends on the complexity of the checks, which will be decided during the interview

Packet 3: EXTERNAL CHECK WITH PENETRATION TESTING (Penetration Testing)

The following checks/actions are included:

  1. Penetration Test: detection of active communications, resources and protocols
  2. Scan and detection of vulnerabilities in systems, software, active services, and communication protocols
  3. Detection of information in the network, systems and services, which could be used for further attacks by malicious web users
  4. Web applications check for possible vulnerabilities, such as execution of malicious commands or code, breach of access control and authentication mechanisms, data breach, insufficient security configuration and use of malicious software
  5. Penetration Testing: attempts to attack the system, based on the vulnerabilities already detected through the penetration test (1), in order to gain access to or control of the domain

Received after the check: Risk evaluation report, which will include the following:

  • List of findings regarding weaknesses and vulnerabilities, ordered by criticality
  • Explanation and analysis of each finding
  • Possible means of attack and availability of factors for each weakness
  • Consequences for the business and its services
  • Penetration Testing results with evidence and analysis of each action of the solution
  • Possible/available ways to deal with the findings

Cost (approximately): ~600; the cost depends on the complexity of the checks, which will be decided during the interview

Packet 4: EXTERNAL & INTERNAL CHECK (Penetration Test)

The following checks/actions are included:

  1. Penetration Test: detection of active communications, resources and protocols
  2. Scan and detection of vulnerabilities in systems, software, active services, and communication protocols
  3. Detection of information in the network, systems and services, which could be used for further attacks by malicious web users
  4. Web applications check for possible vulnerabilities, such as execution of malicious commands or code, breach of access control and authentication mechanisms, data breach, insufficient security configuration and use of malicious software
  5. Scan of all the business systems from the inside and detection of vulnerabilities in systems, software, active services, and communication protocols
  6. Systems and configuration check (for each unit separately):
    • Operating system: Configuration, hardening, authentication mechanisms, configuration of active protocols, protection of sensitive information during storage and transaction, encryption mechanisms and protocols, mechanisms for reporting system actions etc.
    • Database: Configuration, hardening, authentication mechanisms, protection of sensitive information during storage and transaction, encryption mechanisms and protocols, mechanisms for reporting system actions etc.
    • Individual systems (separately): Web servers, application server & web applications configuration

Received after the check: Risk evaluation report, which will include the following:

  • List of findings regarding weaknesses and vulnerabilities, ordered by criticality
  • Explanation and analysis of each finding
  • Possible means of attack and availability of factors for each weakness
  • Consequences for the business and its services
  • Possible/available ways to deal with the findings

Cost (approximately): ~1000; the cost depends on the complexity of the checks, which will be decided during the interview

Packet 5: EXTERNAL & INTERNAL CHECK

The following checks/actions are included:

  1. Penetration Test: detection of active communications, resources and protocols
  2. Scan and detection of vulnerabilities in systems, software, active services, and communication protocols
  3. Detection of information in the network, systems and services, which could be used for further attacks by malicious web users
  4. Web applications check for possible vulnerabilities, such as execution of malicious commands or code, breach of access control and authentication mechanisms, data breach, insufficient security configuration and use of malicious software
  5. Scan of all the business systems from the inside and detection of vulnerabilities in systems, software, active services, and communication protocols
  6. Penetration Testing: attempts to attack the system, based on the vulnerabilities already detected through the penetration test (1), in order to gain access to or control of the domain
  7. Systems and configuration check (for each unit separately):
    • Operating system: Configuration, hardening, authentication mechanisms, configuration of active protocols, protection of sensitive information during storage and transaction, encryption mechanisms and protocols, mechanisms for reporting system actions etc.
    • Database: Configuration, hardening, authentication mechanisms, protection of sensitive information during storage and transaction, encryption mechanisms and protocols, mechanisms for reporting system actions etc.
    • Individual systems (separately): Web servers, application server & web applications configuration

Received after the check: Risk evaluation report, which will include the following:

  • List of findings regarding weaknesses and vulnerabilities, ordered by criticality
  • Explanation and analysis of each finding
  • Possible means of attack and availability of factors for each weakness
  • Consequences for the business and its services
  • Penetration Testing results with evidence and analysis of each action of the solution
  • Possible/available ways to deal with the findings

Cost (approximately): ~1300; the cost depends on the complexity of the checks, which will be decided during the interview

Packet 6: DOMAIN SECURITY CHECK

The following checks/actions are included:

  1. Penetration Test: detection of active communications, resources and protocols
  2. Scan and detection of vulnerabilities in systems, software, active services, and communication protocols
  3. Detection of information in the network, systems and services, which could be used for further attacks by malicious web users
  4. Web applications check for possible vulnerabilities, such as execution of malicious commands or code, breach of access control and authentication mechanisms, data breach, insufficient security configuration and use of malicious software
  5. Scan of all the business systems from the inside and detection of vulnerabilities in systems, software, active services, and communication protocols
  6. Penetration Testing: attempts to attack the system, based on the vulnerabilities already detected through the penetration test (1), in order to gain access to or control of the domain
  7. Systems and configuration check (for each unit separately):
    • Operating system: Configuration, hardening, authentication mechanisms, configuration of active protocols, protection of sensitive information during storage and transaction, encryption mechanisms and protocols, mechanisms for reporting system actions etc.
    • Database: Configuration, hardening, authentication mechanisms, protection of sensitive information during storage and transaction, encryption mechanisms and protocols, mechanisms for reporting system actions etc.
    • Individual systems (separately): Web servers, application server & web applications configuration
  8. Domain network check: network architecture, separation of network & communications, configuration of routers, switches, firewalls, extra security mechanisms (IDS, IPS, Antivirus etc.), authentication and access mechanisms
  9. Secure configuration check of the virtual domain
  10. End-point check: configuration, security mechanisms, client applications
  11. Mobile applications: function, communications, configuration, rights, authentication mechanisms & access management check
  12. Domain’s physical security check
  13. Reporting mechanisms & access monitoring check, domain, danger alert & response actions check

Received after the check: Risk evaluation report, which will include the following:

  • List of findings regarding weaknesses and vulnerabilities, ordered by criticality
  • Explanation and analysis of each finding
  • Possible means of attack and availability of factors for each weakness
  • Consequences for the business and its services
  • Penetration Testing results with evidence and analysis of each action of the solution
  • Possible/available ways to deal with the findings
  • Analysis of the architecture and consulting on increasing the security of the domain

Cost (approximately): Depending on the case and the domain type

Packet 6: DOMAIN SECURITY CHECK

Suggested scenarios of Social Engineering Attack:

1st scenario: Domain Spoofing / Phishing

  • The IT Manager or a colleague sends an email asking for employees’ passwords, for a “fake” domain migration
  • The email can come from a fake “personal” email address of a manager or partner, or from a similar domain name

2nd scenario: Phishing Attack / Domain Replication

  • Users receive a link through which the attackers ask for their passwords on a fake site
  • One of the most likely scenarios is that a “strange” access has been detected and changing the password via the link is suggested
  • In this way, the attackers gain access to the details of other people’s accounts
  • This email, regarding the change of the password, could have been sent through a similar domain name

3rd scenario: Ransomware Attack simulation with a document without malicious payload

  • A phishing email is received, and it is recorded how many users, but not who, opened it and how many of them clicked on “enable macros”, resulting in opening a Ransomware file
  • It is completely safe and we will not get access to
  • We perform a “virtual” realistic malicious attack, without the cleanup level
  • Possible scenarios: sales, emails from a fake persona or journalist, leaked documents
  • This email could have been sent through a “personal” email address of a colleague or a similar domain name

Contact us for an appointment

Click here to contact us for further information; you will then receive the check questionnaire.

Thank you for taking the time to read this article regarding penetration testing / penetration test or network vulnerabilities check, offered by the TicTac