Medical Device Testing

A device Penetration Test emulates an attack by attempting to breach systems from an attacker’s perspective. For this security testing, the OpenSky Technology Solutions’ Information Security Analyst (ISA) attempts to circumvent the security features of a system and may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The analyst works under the same constraints applied to ordinary users.

Objective:

The objective of this engagement is to provide an analysis of the current designs and attack vectors of devices. This is achieved by predefining a goal (i.e. obtaining administrative access to systems or obtaining confidential or sensitive information from network resources such as file shares or customer account systems) and reporting whether that goal was achieved, providing proof of obtaining the defined goal, and documenting the exact process.

Rules of Engagement

Prior to beginning the Penetration Test, several rules of engagement must be predefined so that OpenSky Technology Solutions does not engage in any “out-of-bounds” behavior or tactics. Please note that a typical attacker will not adhere to this list. Most will implement any and all methods of obtaining information in order to achieve their goal.

Testing Methodology

• Information Gathering
• Enumeration
• Definition of Secondary Targets
• Exploitation and Penetration Attacks
• Results Analysis
• Final Analysis and Documentation
• Special Considerations

OpenSky Technology Solutions specializes in Medical Device testing as well as providing custom services.