IT vulnerabilities analysis

Businesses that aim to attain a strong and stable market position use advanced tools for data acquisition. The Internet is doubtlessly one such tool. Security is a factor that significantly restricts access to its resources. Most businesses store sensitive and strategic data in their IT resources, and access to these must be protected. Unauthorized access may lead to a business being compromised or even to its collapse. Each year, the number of hacking incidents that use the most up-to-date tools and technologies has been growing.

According to Computer Emergency Response Team (CERT) reports, 60-80% of all incidents consisted of data theft relating to a targeted business. By comparison, incidents involving malicious software accounted for 10-20%. The security of IT systems is additionally affected by neglect of the proper maintenance of protection systems that have already been implemented.

Risks originating from the Internet are not the only source of threats to IT systems. The biggest threat to data security comes from hackers who enter the organization's structures. Hackers may be external intruders or in-house employees. Errors in applications often lead to vulnerabilities in system security. Such vulnerabilities may grant unauthorized access to a user (an employee or an intruder), who may steal sensitive data or gain control over other or all systems used by a given organization. Without knowledge of existing system vulnerabilities, adequate data protection is impossible.

Maintaining an adequate level of security and operability of IT systems requires ongoing and periodic audits of system security. Proper auditing of system security consists of periodic vulnerability analyses of systems and networks, supplemented by an adequately chosen set of penetration tests. Penetration tests determine a system's actual resistance to attacks. Such tests are performed by simulating attacks on business networks.

Offered services:

  • scanning of the address space of the private network (detection of available servers, workstations, network printers, routers and other devices),
  • scanning of the ports of servers and network devices (detection of provided network services),
  • preliminary identification and system penetration (determination of the type and version of the OS, applications, users etc.),
  • attack simulation (acquisition of users' ports and system administrators, attack on the control system of access to network services),
  • running network eavesdropping, acquisition of network connections (man-in-the-middle type of attacks),
  • analysis of system resistance to specific attacks (e.g. denial of service, buffer overflow etc.).
 
