Matta's focus is to deliver the highest quality services. We do this through assiduous attention to detail, hiring the best people, and always starting from the same perspective - 'How can we help our customers achieve their goals'.

External Security Assessment

Conducting a penetration test on the public facing network is something most companies should consider doing at least annually.

Apart from the obvious reasons of good compliance, it is important to supplement any VA work you may be doing with a full consultant based Penetration Test to ensure that your network is truly as robust as you think it may be from an attacker.

Matta does not sell Penetration Tests that are no more than packaged, automated Vulnerability Assessments. Vulnerability Assessments throughout the year are an important part of a larger security programme. However, a consultant Penetration Test, if conducted by professionals, will find issues that a VA will miss.

A Penetration Test is usually more expensive than the automated counterpart, but gives the customer a high degree of confidence in the security of their network.

Typically, an external Penetration Test will comprehensively assess the security of public Internet facing devices on the clients DMZ, such as:

• Mail Servers
• Web Server Infrastructure
• Firewall and Routers
• Remote Access, including VPN's
• DNS Servers

Additionally, Matta will scan the clients IP range to discover or validate the known hosts, and will conduct a number of 'open source' tests looking for information about the company a hacker would find useful.

Internal Security Assessment

Conducting Internal Penetration Tests has rapidly become a critical part of the Security Managers requirement. For good reason too, as anyone who has had to face questions from their board after an incident, can testify.

The business drivers for internal network tests include:

• Ensuring access to sensitive data is restricted to authorised parties
• Validating the network's resilience to worm or virus propagation
• Securing third party links, and ensuring they have access to only the services they need
• Compliance (of course)
• etc

Internal network tests can be conducted to varying degrees of detail, and focus on different 'Attack Vectors'. An Attack Vector is simply a way in which we think an attacker might attempt a compromise. For example, using SQL querying tools to access a database in an un-authorised manner is an attack vector if your concern is ensuring confidentiality on your database.

Matta first endevours to understand the business drivers, and reasons for conducting the assessment. We can then advise an approach that best meets those objectives.

For example, if particular systems are highly sensitive, then conducting a server audit might be a good use of budget. In another example, a company might be concerned about ensuring contractors only have access to authorised services, and in this case, Matta can use a set of standard contractor credentials to determine what levels of access are actually possible.