A pentest of an external infrastructure enables to assess the security of public IP addresses and servers exposed on the Internet. A pentest of an internal infrastructure enables to assess the network from the point of view of a visitor or a malicious employee.
IT infrastructure is central to the day-to-day operations and management of businesses. Cyberattacks can come from outside or inside the company.
The purpose of an infrastructure or network pentest is to test the security of elements that can be attacked from the outside of the company (IPs, servers) or from the inside (servers, workstations, network devices).
The result is an audit report presenting the vulnerabilities identified as well as possible operational means to correct them.
The scope of the security audit is to be defined according to the objective sought:
The first stage consists of defining the scope and conditions of the security audit. The preparation phase of the audit will then allow the necessary information to be passed on to the pentest team as well as any technical access required. An emergency communication plan is put in place before the start of the pentests.
While the external approach consists of conducting tests remotely, the internal approach requires the pentesters to be present in the premises of the audited company.
The feedback of the results makes it possible to present the vulnerabilities identified, as well as their concrete impact for the company, and the technical solutions to correct these flaws.
The security audit of an infrastructure with an external approach consists in identifying the elements of the information system that are open to the outside.
This type of pentest includes:
The security audit of an internal network consists of mapping the network before performing security tests on the identified elements. Thus, servers, routers, proxies, user workstations, printers and any machine connected to the network can provide useful information for an attacker or even open backdoor access to other resources.
The pentests are based on the following actions:
It is also possible to include social engineering tests that can be performed by an attacker who is present in the company's premises (internal phishing, depositing malicious devices in the company, etc.).
Our white paper "How to define the scope of a pentest" gives you clues to define the scope and a pentest strategy. It brings together the key points resulting from our discussions with around 200 companies.
Active Directory is a very common LDAP directory in companies. This is a particularly sensitive element from a security point of view because it can allow an attacker to reach higher levels of access rights.
A pentest of a domain controller, and especially of Active Directory, includes:
In 2018, 81% of vulnerabilities found were network vulnerabilities, although the application layer is where the risk is higher.
The average window of exposure for critical infrastructure vulnerabilities is 65 days.
2019 Vulnerability Statistics Report. Edgescan. (p. 15).
22% of all folders were exposed to every employee.
2019 Global Data Risk Report: Data Gets Personal. Varonis. (p. 12).
Our range of pentests
We cover a wide technical scope, with specific tests for each type of target. The exact area to which the pentest is applied is to be defined directly according to your security priorities, or after a reconnaissance audit phase for identifying the parts that are most at risk from the viewpoint of an attacker.