Infrastructure Penetration Testing

Ensuring your IT networks are protected against external threats and malicious insiders

Infrastructure testing overview

IT network infrastructure is vital to the day-to-day operation of modern business, whether it’s an entire enterprise network, critical connected devices, software such as VPNs or remote access solutions, isolated VLANs, servers, network storage or even networked devices such as workstations, scanners, or printers.

If a malicious threat were able to gain access to your IT network, it could have wide ranging consequences and could ultimately lead to them gaining full access to critical internal resources, as well as sensitive information.

Testing your IT infrastructure is therefore critical, whether it’s for your own security assurances, as part of an accreditation process (such as ISO 27001) or as part of an IT Health Check (ITHC). Helping ensure your network is deployed in a way that enhances the security of your employees, customers and the resources owned by your organisation. 

What does our infrastructure penetration testing cover?

Protecting your network from the inside and the out.

Our infrastructure testing covers the two main aspects of your IT network:

External Network

External infrastructure is your public facing networks, the networks that can be found over the internet. As these networks are public, they can be discovered and exploited by an attacker located anywhere in the world, which makes them an easy and potentially high-risk target.

The goal of our external infrastructure testing is to identify what you have available over the internet, uncover vulnerabilities, and ensure you are protected against the known risks. Essentially, to help you keep the bad guys out.

What our testing sets out to achieve:

  • Identify your publicly available networks
  • Uncover live network services & software
  • Test services & software against known exploits
  • Attempt to establish a foothold on your network

Internal Network

Internal infrastructure concerns the networks that are only available to people within your organisation, or those connected to it, such as suppliers & customers. The most likely exposure here is from an insider threat, however it can include external threats who have managed to gain access to your internal network or a supplier network.

The goal of our internal infrastructure testing is to identify what can be exploited by these threats and protect against the risks. Essentially, to limit the damage of an ‘insider’ threat.

The key areas our testing reviews:

  • Access configuration & controls
  • User roles & privilege escalation ​
  • Service configuration & authentication
  • Data loss prevention & exfiltration routes

What we review as part of our infrastructure testing

Our infrastructure testing is tailored to your requirements, whether you’re looking to test an entire network or just a specific area. Below are areas we can look to review during our testing engagements:

Network
architecture

Network devices (routers, switches, firewalls, etc)

Build
reviews

Operating systems of live systems

Software installed on live systems

Domains or
Active Directory

Missing security
patches

Configuration of software & installed components

Not sure what type of testing you need?

Our team will be happy to discuss your individual requirements and provide a no obligation proposal based on your needs.

Contact Pentest >

The Pentest approach to penetration testing

The security confidence we provide doesn’t come from a one size fits all solution.

Every infrastructure penetration test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages our testing goes through:

1. Understanding your requirements

No two organisations are the same. We work closely with you to gain an in-depth knowledge of your needs and a detailed understanding of the environment under investigation, before putting forward a bespoke proposal of work.

2. Expert led, manual testing

Our test services are conducted manually by our expert cybersecurity consultants and are designed to fully challenge your current cybersecurity measures. All our consultants are directly employed by us, meaning we ensure the highest quality of service.

3. Reporting, tailored to your needs

Reporting isn’t just a piece of paper, it’s a process. Our reporting process can be tailored to suit your needs, providing you with timely, relevant, and detailed information, not just on our findings but also our expert remediation advice.

4. Post-test support & documentation

Our job doesn't finish on delivery of a test report. We make our consultants available after the test to provide remediation support and can provide fix checks, as well as additional documentation where necessary.

Like the sound of our approach?

You can find out more about our test process and why it sets us apart.

Find out more >

Find out more about our infrastructure penetration testing service

Want to find out more about our infrastructure penetration testing services? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.

Pentest - CREST Accreditation
Pentest ISO 9001 Accreditation
Pentest ISO 27001 Accreditation
Pentest - Cyber Essentials Plus Accreditation
Pentest - OSCP Accreditation

/contact Us

/connect

Twitter Linkedin-in Github Youtube

/services

/about

/links

Pentest Limited is registered in England and Wales with company number 11925182

Registered address: 22 Great James Street, London, WC1N 3ES

VAT registration No: 331802826​

© 2019 - Present. Pentest Limited. All rights reserved.