usd OrangeBox makes remote pentests simple

24. June 2020

Many companies ask themselves whether attackers are able to compromise their IT infrastructure. Pentests provide reliable answers to this question and pave the way for improving long-term IT security.

There are two ways our security analysts can perform a pentest: on-site or remotely. Pentests via remote access are performed if the IP address range is accessible via the internet, as is the case for websites or online shops. IT security assessments of systems and applications in internal networks are usually performed on-site.

What if an on-site pentest is not possible, but the systems within the scope are located in the internal network?

For this purpose, usd AG has for years offered its customers a site-to-site VPN that establishes a secure connection between the high-security network of usd HeroLab and the customer’s network. However, setting up the site-to-site VPN requires technical personnel on the customer’s side.

To make setting up a secure connection even easier, the security analysts of usd HeroLab have developed a solution: the usd OrangeBox. By using the usd OrangeBox, remote pentests can be performed more efficiently and securely. The solution is built on very reliable, open technologies and is VPN-based. In this way, the usd OrangeBox enables an automated and secure connection between the high-security network of usd HeroLab and your network.

As a result, remote pentests using the usd OrangeBox can cover the same scope and attack scenarios as an on-site pentest. This includes questions like: Can privileges of specific user roles be escalated? What are the attack vectors of unauthenticated attackers?

What does that mean in concrete terms?

The usd OrangeBox is available as a virtual appliance or a hardware implementation. It is connected to the network that is supposed to be tested. Only one outgoing HTTPS connection to the network of usd AG is required (direct or via internet proxy). Further access to the internet or reachability from the internet is not required. If this one condition is fulfilled and the usd OrangeBox is connected to the systems that are supposed to be tested, no additional steps are required: the box automatically sets up the encrypted VPN connection to the high-security network of usd HeroLab.

Remote pentests meet the highest quality and security standards: secure, up-to-date authentication methods and encryption functions ensure that your network is only connected to the high-security network of usd HeroLab. Dedicated firewalls and strict permissions guarantee that only security analysts actively participating in the pentest have access to the connected network. The VPN connection is terminated as soon as you unplug the hardware or shut down the virtual machine.

The usd OrangeBox can be put into any kind of network and can be adapted to your individual needs at any time. This can include the connection of multiple locations or multiple networks.

Your advantages at a glance

✓ easy and fast setup

✓ minor risk to your IT infrastructure, since no incoming connections are necessary

✓ reduction of effort and costs

✓ fulfillment of highest quality and security standards

✓ hardware can be delivered by mail and the virtual appliance can be sent digitally

✓ health protection by avoidance of face-to-face contact

✓ no third parties involved

✓ high flexibility regarding different operational scenarios

✓ instant termination of the VPN connection after unplugging/shutting down the usd OrangeBox

Are you interested or do you have any questions? Please contact us. We will be glad to assist you.
