Along with services to keep your Data Centre safe from physical threats, Synerflux also offers the best equipment and services in Cyber Security. We ensure the information in our clients. Data Centres are safe from being tampered with, copied or erased by external hackers. We offer our services in the field of cybersecurity to help our clients protect their organisation’s Data Centre Systems effectively from cyberattacks and data breaches.

We specialise in conducting penetration tests on Data Centres and have an experienced team to handle any situations that may occur. The primary objective of our network penetration tests is to identify exploitable vulnerabilities in our clients’ network, hosts and network devices before hackers can discover and exploit them.

This type of assessment is an attack simulation carried out by our highly-trained security consultants to:

– Find security-related flaws in the Internet-facing network environment
– Understand the level of risk to the Data Centre due to these flaws
– Help address and fix identified network security flaws

Synerflux’s network penetration testing service follows the PTES (Penetration Testing Execution Standard) to identify critical network-centric vulnerabilities. Here is a quick breakdown of how we will conduct our tests.

Pre-Test Meeting

Before we start running tests to find breaks and flaws in the Data Centre System, there will be some admin work that we will need to discuss with our clients. In this meeting, we will be covering the following Pre-Test documentation:

– Scope
– Goals
– Testing terms and definitions
– Establishing a point of contact person
– Rules of Engagement
– Capabilities and Technologies Implemented
– Permission to perform the test

Once all of these are settled, we will move on to the next phase.

On-site Intelligence Gathering

Next, we will send our team to do an on-site evaluation of the Data Centre and gather valuable pre-test data which will be used to set the test parameters. The assessment will consist of these things:

– Open Source Intelligence (OSINT)

– Mapping network infrastructure via:

1. Zone Transfers
2. DNS Bruting
3. Reverse DNS
4. Ping Sweeps
5. Port Scanning
6. SNMP Sweeps
7. SMTP Bounce Back
8. Banner Grabbing

– OS Fingerprinting

– Social Engineering

Threat Modelling

Once we have all the pre-test data, we’ll get to work on building a detailed and custom threat model for your system. We will generate a list of prioritised threats applicable to the system that we are analysing, as well as information about the risk management process.

Vulnerability Analysis

Our Vulnerability Analysis will be able to find flaws in systems and applications which can be used by a potential attacker to hack the Data Centre. These flaws can range from host and service misconfiguration, or insecure application design.

We use both automated tools as well as passive testing to detect vulnerabilities. The automated tools include but not limited to:

– Open Vulnerability Assessment System (OpenVAS) (Linux)
– Nessus (Windows/Linux)

The tools that we utilise in passive testing includes a vast array of system specific softwares as well as hardwares, giving accurate results and finding vulnerabilities with ease.

Exploitation

This part of the process is to gain access to the system or resource by bypassing security. Once we’ve found a set of vulnerabilities in the system, suitable targets are identified to begin an intrusive attack to test the system’s defences. The activities that are carried out during the exploitation phase includes:

– Antivirus Bypass
– Fuzzing
– Sniffing via Wireshark and Tcpdump
– Password Cracking, Password Guessing
– Network Pivoting, Network Service Exploitation

Post-Exploitation

During the Post-Exploitation phase, we can determine the value of the machine compromised and find ways to maintain control of the machine for later use. Here’s a breakdown of what we during the post-exploitation phase:

– Extracting blind files
– Finding Important Files
– Remote System Access
– Binary Planting
– Uninstalling Software
– Obtaining Password Hashes in Windows

Reporting

Finally, once everything is over, we will provide our clients with a detailed, in-depth report on the overall process. This report will summarise the penetration testing process, analysis and commentary of vulnerabilities identified as well as show the critical vulnerabilities identified and how the overseeing management should address them.