• About
• Security testing
• IT Governance
• Training
• Projects
• Advisories

Specialized Tests

We offer a number of specialised tests for advanced technology areas. These can be part of a full-scale penetration test, or they can be performed independently.

WiFi Network Test

Insecurely configured wireless networks often provide an entry point into an organisation's network. Securing wireless networks is further complicated by the fact that earlier security technologies such as WEP are now known to be badly flawed.

Our dedicated wireless network assessment will test the security of authorised wireless networks. Also, it will allow the discovery of illicit wireless access points (e.g. users who have connected such an access point on their own to your internal network).

PBX Tests and War-Dials

Now that broadband Internet connectivity is nearly ubiquitous, the security of telephone lines, which may provide an alternative access method into your organisation, is often overlooked.

In this context, Scanit offers a security audit of PBX facilities. We find that for this type of installation, broad access can often be obtained from outside of the company by using undocumented features or by guessing the appropriate PIN codes. This may allow attackers to access your voice mail, or to make international calls using your infrastructure.

Secondly, Scanit can perform so-called war dials. This type of test looks for insecure dial-in access to your organisation. Typical examples of this include illicit modems installed by users, and vendor maintenance dial-in facilities.

VoIP

The convergence of voice and data traffic offers interesting cost-saving and flexibility opportunities. However, at the same time this integration increases the risks to your organisation (e.g. by rendering your voice traffic vulnerable to disclosure via sniffing attacks).

A Scanit VoIP audit will allow you to assess your exposure. Topics covered include your VoIP topology and authentication framework. Also, it will check specific infrastructure-related security issues (e.g. vulnerabilities in particular devices)

Remote Access Test

Today a lot of companies offer their employees remote access to the corporate network. Such systems increase productivity but also provide additional entry points for hacking attacks.

We have experience in security testing of various remote access solutions, such as dial-in servers, IPSec and SSL VPNs and GPRS. The test can be performed from a perspective of a malicious outsider who attempts to connect to the corporate network. In a "stolen device scenario" we test if an attacker who has stolen a company laptop or a PDA can use it gain access to the corporate network. The test can also include a configuration review of server- and client-side devices.