The Home page logo of the Navigation Bar
The services page logo of the Navigation Bar
The training page logo of the Navigation Bar
The Methods and Tools page logo of the Navigation Bar
The resources page logo of the Navigation Page
The team page logo of the Navigation Bar

Intrusion testing

Computer security audits which are carried out by the specialized team of ALYOTECH SECURITY, confront the information systems with external and internal attacks identical to those carried out by hackers.

The objective is to assess the security level of the systems, to identify the whole of their vulnerabilities, and to propose corrective solutions.

To achieve these goals, ALYOTECH SECURITY relies on competences of its consulting engineers, specialized in IT security.


Remote control of sytems by hackers

Hackers can indeed exploit system faults, and take remotely control of the vulnerable systems to, for instance:

  • consult and falsify confidential data (electronic mails, reports, passwords, credit cards numbers, etc) ;
     
  • install programs allowing them to come back later in the compromised systems (backdoors, rootkits, kernel modules, etc) ;
     
  • from compromised machines attack others machines of the IT system and thus exploiting the lack of protections inside the system ;
     
  • damage to the reputation of the attacked company (defacement of WEB site pages for example).
     

ALYOTECH SECURITY and the manual techniques for audits

The techniques used by ALYOTECH SECURITY during the external ant internal audits of IT systems are manual techniques. Although tools exist for automated detection of vulnerabilities (Retina (eEye DIGITAL Security), Internet Scanner (Internet Security Systems), CyberCop Scanner (Network Associates), Nessus Security Scanner, etc) and are employed by many companies belonging to the security field, their use remains problematic as:


  • pirates very often employ manual techniques of attack;
     
  • vulnerability databases used by these tools do not include the most recent discovered vulnerabilities which are exploited by the community of the hackers;
     
  • automated tools cannot compete with the expertise and the intelligence of a professional pirate or a member of the specialized team of ALYOTECH SECURITY (moreover, these tools never detect the whole of the vulnerabilities included within a site);
     
  • tools for automated detection of vulnerabilities can harm the integrity of the audited IT system and make attack traceability impossible, because their actions and reactions cannot be controlled and predicted, and are rarely traced, dated and recorded.

ALYOTECH SECURITY - Legal conformity of the carried out security audits

Finally, security audits carried out by ALYOTECH SECURITY are planned and managed in close cooperation with the services of the “Direction de la Surveillance du Territoire (DST)”, in conformity with article 323 of the new penal code, as these penetration testing steps cannot be carried out without prior agreement of the owner of the attacked IT system.

 

Copyright © 2008 ALYOTEHCH SECURITY

Valid XHTML 1.0 Transitional


All rights reserved
Version : 15 juillet 2008

Le logo de la societe AlyotechSecurity
La banniere d'Alyotechsecurity

Headquarters :

8, rue Volney
75002 PARIS

Std. : 01 55 43 09 20
Tel. : 01 55 43 09 41

Fax : 01 55 43 09 21

 

Methods, tools and manual engineering for security audit of IT Systems and networks