INFRASTRUCTURE SECURITY

White Oak Security is able to identify critical network vulnerabilities and provide guidance in remediating these important risks

Your organization’s network security is paramount to protecting your customer and employee data along with your intellectual property. Although your network team has likely been focused on security for years, malicious actors have not stopped innovating and adapting, and it remains critical that both your internal and external network environments undergo penetration testing for both security and compliance assurance.

White Oak Security utilizes cutting edge tools and manual techniques paired with years of industry experience to uncover weaknesses in your organization’s network security. Our approach addresses both security and compliance issues and we will work with you and your team to prioritize issues and identify the most effective and efficient manner of remediation.

Our team's standard testing process for both internal and external penetration testing exceeds requirements for all relevant compliance requirements including PCI.  As with applications, White Oak is able to provide ongoing testing programs to address requirements like PCI DSS Requirement 11.3.


External network testing tone2.png

External Penetration Testing

An external penetration test on networks and host systems is critical for testing your first line of defense. An External Penetration Test consists of vulnerability scanning of targeted systems, automated and manual identification of remote OS and system-based vulnerabilities within target systems.

Our External Penetration Testing process follows the Penetration Testing Execution Standard (PTES) Guidelines.  This is a well-accepted standard that ensures that the infrastructure testing is thorough and follows industry standards.


Internal network testing tone2.png

Internal Penetration Testing

An internal penetration test on networks and host systems is extremely important for testing the security of your internal network, including segmentation testing for compliance with PCI requirement 11.3. An Internal Penetration Test consists of vulnerability scanning of targeted systems, automated and manual identification of remote OS and system-based vulnerabilities within target systems. 

Careful handling of tools and manual testing techniques is very important with internal testing as experience is required to ensure that no internal services are impacted during testing.

Our Internal Penetration Testing process also follows the Penetration Testing Execution Standard (PTES) Guidelines.


General network testing tone2.png

PCI Penetration Testing

Although our standard External Penetration Testing and Internal Penetration Testing services cover PCI requirements, in some cases our clients' require PCI-specific internal segmentation testing.  White Oak certainly provides this type of testing for clients and this can be included as part of any Internal Penetration Testing or as a separate engagement. 

With the most recent changes to PCI testing requirements our clients' often ask us to provide this testing on a 6-month schedule and to incorporate this testing into a broader Internal Penetration Testing program.


FORWEBCloud Security Configuration Review-tone2.png

Cloud Security Review

Cloud Computing is an rapidly-changing area of enterprise technology, and as major cloud service providers expand service offerings security implications are continuously changing. Our Cloud Security Review process follows industry best practices to thoroughly assess client service usage and configuration.

White Oak’s consultants follow a structured approach that identifies accounts, reviews current security configurations, and provides actionable feedback on how to address identified security concerns or gaps.

We are able to provide this service on environments, systems, and applications deployed on most major cloud deployments (including AWS, Google, and Azure) and can help ensure that your cloud deployment is secure from the bottom up


FORWEBWireless Network Penetration Testing - tone 2.png

Wireless Penetration Testing

Wireless networks provide a great deal of flexibility to employees, extend the functionality of handheld devices, and a welcome service for guests to your facilities.  They do also provide yet another avenue of attack.

Wireless Penetration Testing can provide insight into the vulnerabilities that this specialized network may harbor within your organization.  Our approach is focused on both traditional vulnerability identification as well as pinpointing rogue access points that may be deployed in your environment.  White Oak will focus on both the hotspot as well as wireless clients that are exposed. We will identify vulnerabilities and security concerns and provide specific guidance on how best to address those issues.