Trustwave has been performing Network Penetration Testing for its customers for over 10 years. Our team is highly experienced and trained in the latest tools and techniques used by individuals and organizations that commonly compromise networks and the systems within to obtain access to confidential data and critical resources. The results of every Penetration Test presented by Trustwave include complete details on the systems and network identified, exploitation results, and both tactical and strategic recommendations.

External – Network Penetration Testing

The core ideal around our Network Penetration Testing methodology is to organize and to iteratively test the target environment from the most general components to the most specific. In this way we can effectively model attack scenarios that highlight risk from the largest, most complex environments down to the most simple, and anywhere in between. The entire testing process is primarily manual to limit generic results from scanners and checklist methods used in general vulnerability assessments. In this way Trustwave can focus the engagement on directed attack logic based testing against systems and networks.

Internal – Network Penetration Testing

Internal threats comprise the greatest risk facing many organizations today. Internal corporate LAN/WAN environments are structured to allow users greater amounts of access with fewer security controls. As layers of security between a would-be attacker and sensitive data are removed the risk of compromise greatly increases. Trustwave will work with you to structure an internal penetration test in a way that meets your business needs, and creates minimal business impact. Keeping with the structured methodology for penetration testing, Trustwave maps the same iterative approach to the internal network. For internal testing the most common test design is to have a Trustwave consultant "report for work" as a regular employee or contractor, and utilizing normal to minimal system access levels that would be given to the role being simulated, iteratively test all access controls in an attempt to acquire critical data. This is only one testing option, and our security testing specialists will work with you to design the most effective testing scenario. As a benefit to our widely distributed clients, we have developed a remote probe appliance that can be placed anywhere in the world and allows our experts to remotely perform tests as if they were physically present within the environment.

The following illustrates some of the different vulnerability classes Trustwave covers during an internal network penetration test.

Wireless Testing
Wireless networks normally provide a "wedge" into a traditional corporate network that attackers leverage to gain greater access and compromise data. Trustwave can perform a penetration test of wireless networks, and using directed attack based logic can present your organization with the real risks of compromise inherent in the wireless infrastructure, and what that risk means to sensitive data stored elsewhere. Trustwave has the capability to test a varied array of wireless technologies from 802.11 Wi-Fi to application specific ZigBee, and many technologies in between, such as 900MHz networks, legacy FHSS technologies, 5.8GHz networks and others.

Secure Device Testing
There is an increased concern about the data loss perpetuated by mobile and embed devices where physically security controls are not possible. Devices such as corporate laptops, smart phones, embedded devices, and kiosks pose a greater threat if lost, stolen, or accessed via covert means. Trustwave can perform an in-depth "white box" or "black box" review of these devices and provide your organization with actionable changes to mitigate data-loss and exposure should they fall into the wrong hands.

ATM Technical Security Review

Malware attacks specifically targeting Automated Teller Machines (ATMs) are becoming increasingly more prevalent. Used by organized crime groups, this malware-called "credentialed malware"- can be used to print ATM card numbers and PINs. To help identify gaps and potentially prevent such attacks, Trustwave SpiderLabs can assess the ATM architecture by conducting:

• An ATM architecture review
• Internal penetration tests
• Machine-level tests