Our "perimeter walk" service will help you understand your political web site from the perspective of a hacker, and provide you with actionable recommendations to improve its cybersecurity posture.
This service includes:
- Analysis of a single site
- Non-invasive reconnaissance of the sort hackers often perform
- A report detailing specific findings and recommendations for your site
- An exit conference to discuss the report
Definition of "Non-Invasive Reconnaissance"
Many of the techniques we use to examine your site were first detailed in Jonathan Lampe's 2015 presentation to the national (ISC)2 Congress, entitled "Evaluating the Security of Potential Partners - Without Permission!" They include:
- Proper use of HTTPS (SSL/TLS) to protect traffic
- Quality of X.509 certificate (if applicable)
- Hackability of "client-side" web app (if applicable)
- Outdated software
- Secure site headers
- Location and protection of web assets
- Information leakage
- Sign on forms and other "frontdoors"
- Web APIs and other "backdoors"
- Special classes of attacks applicable to site type
- Public information about site and its designers
- External connections (DNS entries and "deep links") involving your site
All of this information is available to anyone on the Internet who knows how to "listen closely" and inspect what they "heard." Since hackers can easily obtain all this information (and often without evading detection), it is critical for you to understand what they know and how it can be used against your campaign and your candidate.
Examples of Perimeter Walk Reports
The following Perimeter Walks were conducted on the Democratic National Convention's web site and a similar (WordPress-based) web site used by the New Jersey Republican Party on October 14, 2016.
How to Engage Us
The Perimeter Walk service is available for an affordable price, and can be purchased online with a credit card through Square's secure site.
Frequently Asked Questions
Q: Can I evaluate other/opposition candidates with this service?
A: Yes, as long as you also purchase an evaluation for your site. (This service uses non-invasive techniques that do not require explicit permission; invasive techniques will not be performed on any site where permission has not been granted by the owner.)
Q: Can I use this service for a political party, political action group or targeted issue site?
A: Yes, this service can be used for any political site.
Q: Could Cybertical's "Perimeter Walk" be considered a form of hacking?
A: No. The definition of hacking is "to use a computer to gain unauthorized access to data in a system." When we perform a Perimeter Walk, we use only public information that our target sites freely provide to anyone who asks, or that is freely available after registering on the target site as a member of the public. Since we never attempt to gain unauthorized access to target sites when performing a Perimeter Walk, it is not considered hacking.
Q: What would a "Perimeter Walk" look like in the real world?
A: Let's say you were interested in understanding whether thieves would consider your building to be an easy target or not. In the real world, a "Perimeter Walk" would be the type of service a physical security company would provide to walk around the perimeter of your property and look for obvious weaknesses, such as missing fencing, holes, blind spots, open doors/gates, and the apparent attentiveness of gate staff. Our "Perimeter Walk" service provides a similar service, but in cyberspace.