Infrastructure Penetration Testing
Are your IT systems sufficiently robust to withstand a coordinated cyber-attack? Our network security consultants use simulated aggression infrastructure pen tests so you can be assured of your data security.
The pen tests help you find vulnerabilities in the system, the probability for cybercriminals to exploit them and how much damage they are likely to inflict. The report will help you plan and implement appropriate system security.
There are three types of application penetration tests: enterprise network perimeter, company’s internal network (intranet) and company’s Wi-Fi pen tests.
Enterprise network perimeter pen tests
- The analysis of the services provided by the company
- Verification of the existence of vulnerabilities that might enable an attacker to compromise the infrastructure elements
- Assessment of potential for privilege escalation
We identify potential paths for attacking the Client’s infrastructure by an attacker on the Internet. We thoroughly analyse all services made available (knowingly or unconsciously) by the Client on the public IP addresses used by them. Each of the available services is examined for its holes enabling third parties to take over the machine on which it is running. In the case of finding this type of vulnerability and obtaining remote access during further tests, we analyse the possibilities of local escalation of rights and further taking over the customer’s infrastructure.
Internal network (intranet) security assessment
- Evaluation of firewalls between subnets with different security levels
- Verification of NAC performance
- Scanning for access control
- Usage of the seven stages PTES model
We verify that LANs are properly designed to segment and filter traffic between subnetworks with different security levels. The machines detected in the network are scanned for open ports, and each of the services available is checked for their ability and scope to take control of the machine. In the case of granted access, the level of privileges is verified, and the system checked for possible local escalation to the Administrator or root account level. The tests are based on a seven stages Penetration Testing Execution Standard (PTES) model.
Wi-Fi security tests / Wireless penetration tests
- Access Point Security Verification
- Analysis of the presence of potential Rogue Wireless Devices
- Optional security verification of client stations connecting to WI-FI networks
We verify the security of Access Points operating in any standard of communication (802.11b/802.11a/802.11a/802.11g/802.11n/802.11ac), using any security mechanisms (WEP/WPA/WPA2/WPA3 Personal/Enterprise). We can run a security assessment of client stations connected to Wi-Fi networks and analyse available networks for potential Rogue Wireless Devices (devices connected to the company’s local network that may provide unauthorised access to that network via an additional Wi-Fi network).
Infrastructure penetration tests benefits:
Providing information on system vulnerabilities and the probability of an outsider gaining unauthorized access to protected data
Identify weaknesses in the IT infrastructure
Receive professional assistance in setting priorities in risk management
Your IT department is shown a clearway how they can improve the system
Tests give you an assessment of the feasibility of investments in advanced technologies related to IT security
Stay in compliance with the regulations, your risk and continuity policies and other requirements for the security of the business