RSC Wales External Penetration Testing Service
February 1st, 2010 by Jon Agland
RSC Wales are now able to offer a scheduled external penetration testing service to our supported learning providers.
The external penetration testing service can be used to provide a detailed report of your Internet facing systems and services. This report is generated by scanning the external IP addresses and hostnames used by the organisation; the scans are scheduled to occur once a month.
For each system identified, the report lists any issues with Internet facing services running on that system. Information is then provided on any known security issues, along with how to investigate them further or resolve them. Where an organisation requires further support, RSC Wales are then able to provide further guidance and advice.
How to register
To register for this service, you will need to provide us with the following information via e-mail to pentest@rsc-wales.ac.uk:
1. A list of target IP addresses and hostnames
2. An e-mail address (or addresses) to send the report to.
3. A name for the scan
Further details
The penetration testing service is provided using the Open Source scanner – OpenVAS, and as such we are restricted by the rate at which the OpenVAS software is developed. If you find these reports useful then please consider contributing to the OpenVAS project.
The reports provided will give you an external view of your network in relation to other hosts on the Internet. The scan performed can be affected by security devices such as Firewalls, especially those performing deep packet analysis or rate limiting. If in doubt about a particular system we would recommend using a copy of OpenVAS or the commercial version of Nessus against the system from within the same logical network. You should cross reference that report against any Firewall rules and/or the results of an external port scan.
As the scan commences you will receive an e-mail advising you that the scan has started. This is so that you can be more vigilant of system problems whilst the scan is running. In some cases the scan can perform (or appear to perform) a Denial of Service attempt, either as it tests a particular service for a vulnerability or as it places strain on devices performing network security, such as Firewalls, Routers with Access-lists or packet inspecting devices. In our testing these issues are rare.
Finally, RSC Wales accept no responsibility for any issues caused by the scan, or for the validity or integrity of the report. The service is only provided to raise awareness of the security of Internet facing systems.




