Infrastructure Testing

Overview

The goal of a penetration test is to demonstrate whether and/or how vulnerabilities in systems or network services can be exploited to spread through the network and eventually gain access to target systems or data. Testing will include vulnerability exploitation, username and password discovery, lateral movement between connected and trusted systems both inside and outside the target environment and demonstrating evasion and pivoting from compromised hosts. The goal is to illustrate the concept that "a chain is only strong as its weakest link" and to expose security vulnerabilities that are not demonstrated in vulnerability assessments.

Testing Solutions

Types of network penetration testing

External

Testing for an external network is used to test the effectiveness of security controls at the network perimeter to prevent and detect attacks and identify vulnerabilities in Internet-facing resources such as web, mail, and FTP servers.

Internal

An internal infrastructure test is performed to estimate what an attacker might accomplish with initial access to a network. This type of testing can reflect insider threats, such as employees performing malicious actions intentionally or unintentionally.

Wireless

Wireless networks are essential for accessing systems and data, but they can also be a gateway for cybercriminals. Testing wireless protocols and technologies, including Bluetooth, ZigBee, and Z-Wave, to identify and remediate vulnerabilities that could lead to unauthorized network access and data leakage is a must.

Methodology

Our approach to infrastructure testing

Step one

Scoping - define the network and assets involved and develop an appropriate assessment strategy.

Step two

Reconnaissance and intelligence gathering - using the latest intelligence gathering techniques to uncover security and technical information that could help consultants gain access/pivot to your network.

Step three

Active testing and vulnerability analysis - using a combination of automated tools and manual testing, our consultants seek to identify security vulnerabilities and develop a strategy to exploit them.

Step four

Exploitation - to gain initial access or move laterally in your organization, our consultants exploit identified vulnerabilities in a secure manner that avoids damage and disruption.

Step five

Reporting - once testing is complete, our consultants will document all findings and provide you prioritized guidance on how to address the identified vulnerabilities.

FAQ

Frequently asked questions about infrastructure testing

A network penetration test is a type of security assessment performed by an ethical hacking company to identify cybersecurity vulnerabilities that could be used to compromise on-premises and cloud environments. A network penetration test can include assessing security controls at the edge of the network as well as devices such as routers and switches.

Penteor has created a system that facilitates remote testing called Penteor Testing Appliance (PTA). This Virtual Machine-based system allows Penteor to establish a point-of-presence on the client's internal network and provide remote, internal testing capabilities. Using PTA, Penteor can eliminate on-site travel expenses and allow greater scheduling flexibility, while providing the same quality as an on-site test.

To ensure that the results of infrastructure pen testing are clearly communicated to technical and non-technical stakeholders, each Penteor penetration test includes a written report detailing all vulnerabilities discovered, the level of risk of each vulnerability, the difficulty of exploitation, and recommendations for rapid remediation.

An internal pen test is conducted within an organization's network to find vulnerabilities from the inside. An external pen test is conducted remotely, with an ethical hacker looking for security vulnerabilities in Internet-facing resources such as web, mail, and FTP servers.

The information a network penetration testing company needs for the scope of a test depends on whether an internal pen test or an external pen test is required. The information that a network penetration testing vendor typically requires includes the total number of internal IPs and external IPs to be tested, subnets, and the number of physical locations.

Get an infrastructure penetration test quote

Get Quote