Infrastructure and network pentest


An external infrastructure pentest assesses the security of public IP addresses and servers exposed on the Internet. An internal infrastructure pentest assesses the network from the point of view of a visitor or a malicious employee.

Aim of an infrastructure and network pentest


IT infrastructure is central to the day-to-day operations and management of businesses. Cyberattacks can come from outside or inside the company.

The purpose of an infrastructure and network pentest is to test the security of elements that can be attacked from outside the company (IPs, servers) or from inside it (servers, workstations, network devices).

The result is a pentest report presenting the vulnerabilities identified as well as possible operational means to correct them.

The scope of this security assessment is to be defined according to the objective sought:

  • What are the main risks for the business activity: access to confidential data? the continuity of the information system’s service? embezzlement?
  • What is the level of risk to be tested: only external attacks (black box penetration testing), or also internal attacks (grey box penetration testing)?
  • For internal attacks: can we test the partitioning between different levels of rights (visitor, trainee, etc.)?

Stages of an infrastructure or network pentest


Kick-Off Meeting

Customer goals are gathered and rules of engagement obtained.

Discovery

We perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.

Vulnerability Analysis

Perform automated and manual vulnerability discovery and correlate findings with threat intelligence.

Exploitation/Attack

Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

Remediation Validation

We re-test vulnerabilities after fixes to validate security improvements and provide confirmation of closure.

Reporting

Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.

External infrastructure penetration testing

The security assessment of an infrastructure with an external approach consists of identifying the elements of the information system that are open to the outside.

This type of pentest includes:

  • Analysis of open services on various servers (port scans and identification of services)
  • The search for flaws related to the configuration of the services present
  • The identification of flaws related to the software architecture of the operating systems present on the servers


Internal network penetration testing

The security assessment of an internal network consists of mapping the network before performing security tests on the identified elements. Thus, servers, routers, proxies, user workstations, printers and any machine connected to the network can provide useful information for an attacker or even open backdoor access to other resources.

The pentests are based on the following actions:

  • Identifying vulnerable services
  • Finding a lack of data encryption
  • Detecting poor management of rights/permissions
  • Evaluating network security by sniffing and handling packets
  • Detecting misconfiguration of the network or internal Web applications

It is also possible to include social engineering tests that can be performed by an attacker who is present in the company's premises (internal phishing, depositing malicious devices in the company, etc.).


Call Us On: +267 - 74657500 | Email: hello@cyberintrustionguard.com