IT Infrastructure/Network Security Vulnerability

IT infrastructure is probably the most critical part of any business today. If it breaks down for some time, this almost always results in significant operational failures and therefore huge losses in revenue. That’s why security plays a central and extremely important role in the design and operation of IT infrastructure. An essential part of this is regularly conducted penetration tests to check the security status and identify weak points with the aim of eliminating them. Externally accessible and internal infrastructure must be taken into account in order to make it as difficult as possible for attackers to break into the network, but also to spread within the network afterwards. We offer the following services in this area:

External Infrastructure Test

We check your externally accessible IT infrastructure in an external penetration test from the point of view of an attacker from the Internet. Depending on your requirements and the nature of your network, we work with a combination of automated and manual tests and methods to ensure comprehensive test coverage. Among other things, we check the following test contents:

  • Identification of operating systems and software used by means of port scanning, banner grabbing etc.
  • Active technical information gathering using DNS, ICMP, SNMP and other protocols
  • Research on potential security vulnerabilities in the infrastructure
  • Identification, creation or adaptation of exploits or execution of exploits after consultation with you
  • Evaluation of the encryption parameters of your SSL services based on BSI recommendations and best practices
  • Cracking of passwords
  • Checking external VPN access and firewalls
  • Checking your externally accessible services (SSH, FTP, …) for misconfigurations and vulnerabilities
  • Manual verification of the automatically identified vulnerabilities, sorting out false positives

As a result of our investigation, you will receive a comprehensive report in which we assess the security status of your infrastructure and list any vulnerabilities. In addition to a comprehensive test report, you will receive concrete recommendations on how to increase your IT security.

Internal Infrastructure Test

From the perspective of an attacker with access to your internal network, we check your networks and servers in an internal penetration test. This can take place, for example, on your premises or via remote access via VPN, or similar. We cover the following test contents among others:

  • Identification of operating systems and software used by means of port scans, banner grabbing etc.
  • Active technical information gathering using DNS, ICMP, SNMP and other protocols
  • Research on potential vulnerabilities in the infrastructure
  • Identification, creation or adaptation of exploits or execution of exploits after consultation with you
  • Cracking of passwords
  • Checking your Active Directory configuration for vulnerabilities that could allow privilege escalation, for example
  • Checking your network separation
  • Checking your internal services (SSH, FTP, …) for misconfigurations and security vulnerabilities

In the case of an internal pentest, you will also receive a comprehensive report as the result of our investigation, in which we assess the security status of your infrastructure and list any vulnerabilities. In addition to a comprehensive test report, you will receive concrete recommendations on how to increase your IT security.

We recommend that you carry out both internal and external pentests on a regular basis in order to always have an overview of the security status of your networks. Since it is almost always possible for attackers to gain access to your network, e.g., through social engineering attacks, the internal tests are just as important as the external ones. It is especially important for us to always coordinate our approach with you. To avoid production downtime, we only perform certain tests (such as exploits) in direct consultation with you. If you want a realistic attack simulation to put your defenses to the test instead, we recommend conducting a Red Team Assessment.

IT Infrastructure Testing with NSIDE ATTACK LOGIC

In order to provide you with the best possible product, we adapt the test parameters such as scope and procedure to your individual needs. Simply contact us and we will get back to you as quickly as possible.

OFFENSIVE CYBER SECURITY

Contact us to uncover and close your security gaps.