Internal infrastructure test to take away?

Internal Infrastructure Take Away | Pentest

The current COVID-19 situation has meant that traditional onsite testing (such as internal infrastructure testing) is just not possible, and like many other organisations, we’ve had to adapt quickly, continuing to support our clients during this difficult time in whatever way we can.

So, how are we able to conduct internal infrastructure tests without being physically onsite? We have a couple of options: a ‘pizza box’ test approach or VM approach. Both options allow us to have our tools running locally on your network, rather than having to tunnel everything over a VPN connection, which can introduce technical problems.

Each option has its benefits and we work with clients to understand which method is best suited to individual requirements. Where clients have not wanted to set up a VPN, the pizza box solution has provided an alternative option.

A pizza box test is an internal test which takes an external approach. Instead of sending a consultant onsite, a pre-configured device (usually a laptop) will be sent to the client, this device is then physically connected to the internal network and will ‘call-home’ automatically, provided a suitable secure network route can be established to our systems. This allows our consultants to conduct the internal test remotely, via a secure connection.

Sounds great, so why don’t we do this for every internal infrastructure test? Well, firstly there are limitations on what can be tested through a pizza box approach and we are not able to cover all the aspects of infrastructure testing that we usually would. Secondly, and this is one for post lockdown, clients often benefit from having someone physically onsite to explain the issues whilst the test is ongoing and to pass on their wealth of expertise. And thirdly, companies may be concerned about the idea of introducing an additional route into their network or may have policy restrictions which prevent non-approved devices being connected to the corporate network. This could be the case when information held on a network is highly sensitive in nature and clients don’t want to introduce further risk.

We know this approach isn’t right for everyone, however it can be extremely beneficial to organisations who continue to need security assurances around their internal infrastructure when having consultants on site is either impractical (geographically remote locations) or due to restrictions (such as pandemic lockdown).

To find out more about our remote internal infrastructure testing, or to see if it’s the right approach for you, call us on 0161 233 0100 or email [email protected]

share this post

Share on linkedin
Share on twitter
Share on facebook
Share on reddit