Infrastructure penetration testing

Ensuring your IT networks are protected against external threats and malicious insiders

What is IT infrastructure & why does it need testing?

IT network infrastructure is vital to the day-to-day operation of modern business, whether it’s an entire enterprise network, critical connected devices, software such as VPNs or remote access solutions, isolated VLANs, servers, network storage or even networked devices such as workstations, scanners, or printers.

If a malicious threat were able to gain access to your IT network, the consequences could be wide-ranging, and the threat could ultimately gain full access to critical internal resources, as well as sensitive information.

Testing your IT infrastructure is therefore critical, whether it’s for your own security assurances, as part of an accreditation process (such as ISO 27001) or as part of an IT Health Check (ITHC). Testing helps ensure your network is deployed in a way that enhances the security of your employees, customers and the resources owned by your organisation.

Types of infrastructure testing

Our infrastructure testing covers the two main aspects of your IT network:

Internal Network Infrastructure

Internal infrastructure concerns the networks that are only available to people within your organisation, or those connected to it, such as your suppliers and customers. The most likely exposure here is from an insider threat; however, it can also include external threats who have managed to gain access to your internal network.

The goal of our internal infrastructure testing is to identify what can be exploited by these threats and protect against the risks. Essentially, to limit the damage an ‘insider’ threat can do.

The key areas our testing reviews:

Access configuration & controls

User roles & privilege escalation

Service configuration & authentication

Data loss prevention & exfiltration routes

External Network Infrastructure

External infrastructure is your public-facing networks, the networks that can be found over the internet. As these networks are public, they can be discovered and exploited by an attacker located anywhere in the world, which makes them an easy, high-risk target.

The goal of our external infrastructure testing is to identify what you have available over the internet, uncover vulnerabilities, and ensure you are protected against the known risks. Essentially, to help you keep the bad guys out.

What our testing sets out to achieve:

Identify your publicly available networks

Uncover live network services & software

Test services & software against known exploits

Attempt to establish a foothold on your network

Not sure what type of testing you need?

Our team will be happy to discuss your individual requirements and provide a no-obligation proposal based on your needs.

What else can we review?

Our infrastructure testing is tailored to your requirements, whether you’re looking to test an entire network or just a specific area. Below are areas we can look to review during our testing engagements:

Network architecture

Network devices (routers, switches, firewalls, etc.)

Build review

Operating systems of live systems

Software installed on live systems

Domains or Active Directory

Missing security patches

Configuration of software & installed components

It is impossible to exhaustively cover all possible vulnerabilities that may affect a network. Consequently, the aim of our test methodology is to act as a baseline, with additional tests and checks being performed when necessary.

Our infrastructure test process

Every infrastructure penetration test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages our testing goes through:

1. Scoping

Your dedicated account manager (AM) will work closely with you to understand your business, the infrastructure under review & the desired outcomes. The AM will then work with the assigned Pentest consultants & your stakeholders to ensure testing meets your needs.

2. Proposal

A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultants’ expertise. This proposal will outline our recommended test approach, the prerequisites needed & the time required to investigate the target.

3. Testing

Testing will commence on the agreed date and our consultants will communicate with you throughout the test, to your set requirements. All testing is conducted manually and our consultants will look to identify as many issues as possible in the time allotted.

4. Reporting

A comprehensive, quality assured report of our findings will be delivered following the test. Our reports can be tailored to your needs, providing both a technical and managerial overview of findings, as well as our detailed remediation advice.

5. Post-test support

Our job doesn’t finish on the delivery of a report. Your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.

6. Evidence of testing

Many of our clients need to supply evidence of testing for security assurance purposes. We can supply additional documentation which will provide these assurances to your internal and/or external stakeholders.
