Penetration Test

Net Agent provides you a world-standard security service

Is your network OK?

Connecting with computers in the world, the Internet is very convenient. But on the other hand, there is a risk that your computer could be invaded. It is very difficult to construct, manage and maintain a highly secured network because of technical disabilities and high costs. In order to assure a highly secured network with comfort, NA supports clients with 4 services: security inspection, regular investigation, system setup, and system administration.

Security inspection service

Vicious hackers may try to invade unsecured network for various purposes such as to covertly attack other networks or to steal your confidential information. NA’s security inspection service is executed by a team of highly skilled security experts with a high standard of ethics, using its own developed security investigation tools.
That allows NA to investigate not only security holes due to system configuration, but also other various security holes in CGI, Web applications, or database. NA can ensure security even from mission critical systems.
After the investigation, NA will submit a detailed investigation report including measures of dealing with security holes.
As an option, NA can also stop security holes.

Security regular investigation service

NA offers regular security investigation services up to 6 times a year : every time your security status changes for example from adding a new server, changing or updating OS.
NA also informs you when it gets information about new security holes.
Furthermore, though the year, in case NA obtains information about new security holes, NA will conduct an examination and give a report on how to deal with them.
*investigation in case of changes such as network reconstruction
*investigation in case of NA’s getting information about new security holes
---> discovery of security holes
---> proper measures
---> asecured status

System administration service

NA handles various operations to maintain safe network usage for its clients. NA’s daily services are:

  • Log interpolation tests
  • System changes tests (prevention of interpolation)
  • Test of Mail & WWW usage
  • Modification of server resource usage (disk usage, CPU load average, etc.)
  • Detection of attacks on the client machine executing browser or mail client
  • Check of service executing status
  • Tests of security holes
  • Countermeasures against attacks

NA can also answer to clients’ daily needs when necessary.

System setup service

Without participation of experts, network setup can be the best target for vicious hackers. Once attacked, a great deal of efforts will be needed to recover costs, time and social confidence.

Detailed hearing->Design->Determination of security policy->choice of machinery->Actual establishment and configuration->Tests->Adoministration and management (option).

Some Examples

NA provides thorough, high quality inspection which big venders would not imitate. Since NA security inspection is manually done by the experts’ team, NA can find security holes depending on systems, security holes of dynamic contents such as CGI, newly found security holes, which will not be detected through other companies’ security inspection with general inspection tools but without person’s check.

NA found a lot of security holes in the environment constructed by an SI vender

On a system of which an SI vender A designed security policy, NA found 2 fatal security holes, 2 serious holes and many other security holes.
By investigation the system and the whole organization circumstances, NA found that it was hardly administrated. Then NA modified it for improvement.

NA found an undiscovered security hole

While conducting security inspection of a central government agency’s network, NA found a security hole with which anyone could illegally execute programs on Windows NT. This security hole, which had been undiscovered, was not found through existing test tools. Since attacks on this security holes were recorded into log, NA examined log but didn’t find any attacks. NA confirmed that this security hole was unknown.

NA found configuration with risks of leakage of clients’ data

B company. It was possible to access the database from anywhere and the password was easily guessed. It means that anyone could get information from the database which included information about more than 100.000 clients’ , moreover, add or change it. Since access records didn’t remain, they couldn’t find out who made the accesses. This example is reported in detail in “Personal UNIX 2000 April” (Mainichi Communications).

NA found a security hole in a CGI program

In a largely used CGI program, NA found a security hole with which any command could be executed.
This program could be executed on any system, so it was possible to bypass the firewall.
NA immediately informed the author of this CGI program and reported measures of modification.
It was revised in a short time.

Firewall with any penetration

The firewall of a certain company couldn't refuse the packet which because of the configuration problem. NA succeeded in evading this problem by doing a very advanced and complex configuration. As a result, NA was able to advance the total security level of the whole site.

 

 

@Penetration Test

 

@>>Test Tool