We find the holes;
you protect your infrastructure.
Get your network hacked.
Network Infrastructure
From internal to external infrastructure, we can test and advise on proper security and segmentation.
The network infrastructure comes in layers when it comes to pen-testing.
On the transport layer, attention is paid to proper network segmentation, routing and firewalling. Additionally, the operations and configuration of typical network devices such as routers, managed switches, firewalls, wireless infrastructure and MPLS lines all come under audit. The next level covers shared services providing the ecosystem with crucial functions or data such as authentication, authorization, publishing of services from/to network zones of different security levels, base IT management, standardized application components, and more.
All of these mentioned categories of IT infrastructure components may be tested (black-box) or audited (white-box). Additionally, network design consulting is available. Do not hesitate to include security consultants in project teams right from the start.
Our insight.
- Did you know that as a "zombie", you can be a victim and an attacker at the same time?
- Even an overly specific description of a computer in AD (PC,office101_dental_basement) can be a risk...
- Applications deployed in a serverless runtime are just as susceptible to common vulnerabilities.
- Kubernetes does not ensure the security of containers in any way. Security is always up to you.
- There is at least one insecure computer in every secured network. Make sure that you are the first to find it.
- Hackers really do love their work, regardless of whether they are black hats or white hats!
- Improperly configured database user roles are a blessing for an attacker. Make sure you follow the principles of least privilege and implicit deny to create a strong access control policy.
- One of the first points of interest for an attacker will be backups. Treat them as being as valuable as live data and make sure they have at least the same level of security.
- It is a common misunderstanding that whitelisting MAC addresses in a network is a smart way to provide security. Unfortunately, this solution does not account for spoofing of MAC addresses, which can be easily detected on the network with wireless signals.
- Did you know that a wireless kettle can be a gateway into your network? An attacker can force a kettle to give out your secure network password if security is not set up correctly. Once in the device, default admin access can provide everything the attacker needs.
Services for network infrastructure.
Frequently asked, always answered.
The difference between a black box and a white box test is the level of information given to the tester at the onset of the test. With a black box test, the tester is given limited information, using only what can be found publicly, in order to provide a more realistic scenario. Alternatively, a white box test can allow for a more thorough test of the platform by giving the tester more information up front so they can design more attack scenarios around the complete information.
A report includes the list of vulnerabilities discovered, each with a severity rating. Additionally, there is a managerial summary which outlines how these vulnerabilities correspond to a business risk, and a technical write-up, so developers can reproduce and correct the issues.
The simplest way to estimate a project and build a quote is by having someone from our team take a quick look at the environment to determine the size of the scope. We have found that this provides the most accurate result for the quoting process and allows the project to include the desired scope without being overpriced.
The object of the test is not to disrupt service or damage any information. However, we cannot always predict how the system will respond to an exploit, so we recommend that operations personnel are ready and backups are available.