Infrastructure testing

protecting your internal &
external networks

IT infrastructure is vital to the day to day operation of your organisation, whether that be the entire enterprise network or critical devices/software such as VPN/remote access solutions, isolated VLANs, sensitive servers, network storage or even networked devices such as workstations, scanners or printers. 

If a threat actor were able to gain access to a network, it could have wide ranging consequences and could ultimately lead to them gaining full access to critical internal resources. 

Testing your infrastructure is a critical step in securing network architecture and in ensuring that systems are deployed in a way that enhances the security of your employees, customers and the resources owned by your organisation.  

External infrastructure testing

External infrastructure testing assesses the security posture of your public facing networks, the networks that can be found over the internet. As these networks are public facing, they can be discovered and exploited, by a threat actor (attacker) located anywhere in the world, without them needing any specific knowledge to do so. This makes them an easy, high-risk target. 

The goal of our external infrastructure testing is to identify what you have available over the internet, uncover vulnerabilities and ensure you are protected against the known risks. Essentially, help you keep the bad guys out. 

> How is testing delivered?

Our external infrastructure testing service is delivered remotely, this allows our consultants to faithfully simulate a potential real-world attack. 

Internal infrastructure testing

Internal infrastructure testing is concerned with the security of your internal networks, those that are available to people within, or connected to your organisation. The most likely exposure here is from an insider threat, however it can also include external threat actors who have managed to gain access to your internal network. 

The goal of this type of testing is to identify what can be exploited and protect against the risks. Essentially, limit the ‘insider’ threat. 

> How is testing delivered?

Our internal infrastructure testing can be delivered in two ways: 

Onsite testing – We will send an experienced consultant to your site and physically plug into your internal network to perform the test. This is our preferred method of delivery and we find that it provides the best experience for our clients.

Remote testing – It’s not always possible, or feasible, to send a consultant onsite. If this is this case, we can perform our internal testing remotely. This can be done in two ways:

  • Via a VPN – We will connect to your network via a configured VPN, providing consultants access to a server/VM provisioned for testing. This server/VM will require internet access, as we will need to install the necessary tools once access has been established. 
  • Via a pre-configured laptop – we will send a laptop to your site, already installed with the tools needed to perform the test. This laptop is connected to your internal network and our consultants can securely dial into the laptop via the internet, gaining access to the network under review.   

Not sure what’s the best approach for you? Our team will be happy to discuss your individual requirements and provide you with their expert recommendations. 

What we review

Our infrastructure testing is tailored to your requirements, whether you’re looking to test the entire network or just specific areas. Below are broad areas we will look to investigate during our testing: 

Network architecture

Network devices (routers, switches, firewalls, etc)

Build review

Operating systems of live systems

Software installed on live systems

Domains or Active Directory

Missing security patches

Configuration of software & installed components

Live devices on the network

It is impossible to exhaustively cover all possible vulnerabilities that may affect a network. Consequently, the aim of our test methodology is to act as a baseline, with additional tests and checks being performed when necessary. 

Our approach to infrastructure testing

Every infrastructure test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages:

1. Scoping

We work closely with you and your team to define your exact requirements, to understand your desired goals and to gain comprehensive knowledge of the infrastructure to be review.

2. Proposal & prerequisites

A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultant’s expertise. This proposal will outline our recommended test approach and provide details of the number of days we feel are needed to investigate the target infrastructure thoroughly.

We will work with you to ensure this proposal meets your exact requirements and once authorised; we will outline any necessary prerequisites that are needed to ensure testing starts on time.

3. Testing

Testing will commence on the agreed date and our consultants will communicate with you throughout the test, to your set requirements.

All our testing is conducted manually, and our consultants will look to identify as many issues as possible in the time allotted, verifying whether these could be exploited.

4. Reporting

A comprehensive, quality assured report of our findings will be delivered within 5 days of the test finishing. Our reports can be tailored to your needs, providing both a technical and managerial overview of findings, as well as our detailed remediation advice.

5. Post-test support

Our job doesn’t finish on the delivery of the report, your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.

6. Retest

You have the option to retest, ensuring reported vulnerabilities have been addressed.

7. Evidence of testing

Many of our clients need to supply evidence of testing for security assurance purposes. We can supply documentation which will provide these assurances to internal and/or external stakeholders.

Why choose us

We act as a trusted adviser, not just a test provider. So, whether it’s your first test or you’ve conducted hundreds, our team are dedicated to making the process as seamless as possible, to pass on their wealth of expertise and to provide you with the information security support you need.

Penetration test experts since 2001

Dedicated account management

Comprehensive, quality assured reporting

Unrivalled post-test support

Optional retest of issues

Contact us

Want to find out more about our external & internal infrastructure testing services? Our team are on hand to provide you with the information and support you need. Please fill out the form below and one of our team will be in touch shortly.

Our latest research

Our Labs page is the place to discover our latest research, advisories, tool releases and challenges.

Looking to improve your security? Our insights are a great place to start.