During an infrastructure penetration test our consultants attempt to breach security of your organization so that the risks and the potential consequences of an intrusion can be fully appreciated.
Penetration testing can be conducted with or without prior knowledge about targets in scope – such as architecture of network and its systems. Performing such an attack is similar to real world scenario and provide senior management with a true image of the effectiveness of existing security measures in an organization.
Infrastructure penetration tests are often subdivided into external and internal stages. Internal infrastructure security assessment is a way to identify risks that are present in an internal perimeter of an organization and can be conducted remotely by customer organization issuing a secure VPN tunnel into the target network with equal or similar privileges that a typical remote employee gets.
Infrastructure penetration test identifies existing vulnerabilities in infrastructure and provides practical evidence of whether they can be exploited. The following typical steps are performed by experts of Critical Security during infrastructure security test:
The report is structured to contain not only information about identified security vulnerabilities and weaknesses, but also is highly focused on solutions for these issues. The solutions typically can be implemented by means of organization’s own IT department and are vendor neutral.
Making sure that issues are fixed
After vulnerabilities are mitigated, our experts can verify that the applied mitigation measures are sufficient and remove the problem by conducting a re-check, during which the report is updated with information on which problems have been successfully mitigated and indicate if there are any issues that still need to be addressed.
Additional information
Preparing for penetration test |
Application security |
Typically organization sets the scope of an assessment. List of external IP addresses or architectural diagram of an internal network segment is a good start. |
Infrastructure security assessments usually replicate behavior of an external or internal attacker trying to get access to organization’s network. Mission critical WEB and business applications should be audited separately in order that application-specific vulnerabilities are discovered |
Critical Security was established in 2007 by a group of cyber security enthusiasts. Since its establishment, the company has been providing high-quality security assessments and penetration tests to various organizations, helping them identify and mitigate potential security threats.