usd OrangeBox makes remote pentests simple

24. June 2020

Many companies ask themselves whether attackers are able to compromise their IT infrastructure. Pentests provide reliable results to this question and pave the way for increasing the long term IT security.

There are two approaches on how our security analysts can perform the pentest: on-site or remotely. Pentests via remote access are performed if the IP address range is accessible via the internet. That is the case for websites or online shops. Usually, IT security assessments of systems and applications in internal networks are performed on-site.

What if an on-site pentest is not possible, but the systems within the scope are located in the internal network?

For this purpose, usd AG has been offering their customers to use a site-to-site VPN to establish a secure connection between the high-security network of usd HeroLab and the customer’s network for years. However, the setup of the site-to-site VPN requires technical personnel on the customer’s side.

In order to facilitate the setup of a secure connection even more, the security analysts of usd HeroLab have developed a solution: the usd OrangeBox. By using the usd OrangeBox, remote pentests can be performed more efficiently and securely. The solution is based on very reliable and open technologies and operates based on VPNs. In this way, the usd OrangeBox enables an automated and secure connection between the high-security network of usd HeroLab and your network.

As a result, remote pentests using the usd OrangeBox can cover the same scope and attack scenarios as an on-site pentest. This includes questions like: Can privileges of specific user roles be escalated? What are the attack vectors of unauthenticated attackers?

What does that mean in concrete terms?

The usd OrangeBox is available as a virtual appliance or a hardware implementation. It is connected to the network that is supposed to be tested. Only one outgoing HTTPS connection is required (direct or via internet proxy) to the network of usd AG. Further access to the internet or reachability from the internet is not required. If the only condition is fulfilled and the usd OrangeBox is connected to the systems that are supposed to be tested, there are no additional steps required: the box automatically sets up the encrypted VPN connection to the high-security network of usd HeroLab.
Remote pentests meet the highest quality and security standards: Secure and latest authentication methods and encryption functions ensure that your network is only connected to the high-security network of usdHerolab. Dedicated firewalls and strict permissions guarantee that only security analysts actively participating in the pentest have access to the connected network. The VPN connection is terminated as soon as you unplug the hardware or shutdown the virtual machine.

The usd OrangeBox can be put into any kind of network and can be adapted to your individual needs at any time. This can include the connection of multiple locations or multiple networks.

Your advantages at a glance

✓ easy and fast setup

✓ minor risk to your IT infrastructure, since no incoming connections are necessary

✓ reduction of effort and costs

✓ fulfillment of highest quality and security standards

✓ hardware can be delivered by mail and the virtual appliance can be sent digitally

✓ health protection by avoidance of face-to-face contact

✓ no third parties involved

✓ high flexibility regarding different operational scenarios

✓ instant termination of the VPN connection after unplugging/shutting down the usd OrangeBox

Are you interested or do you have any questions? Please contact us. We will be glad to assist you.

Also interesting:

usd AG Partner to PCI SSC GEAR 2022-2024

usd AG Partner to PCI SSC GEAR 2022-2024

The PCI Security Standards Council (PCI SSC) has reappointed usd AG to the Global Executive Assessor Roundtable (GEAR). Since 2018, the GEAR has enabled a direct exchange between PCI assessors and the PCI Security Standards Council (PCI SSC). Every two years, leading...

Security Advisory for CleverReach

Security Advisory for CleverReach

The analysts at usd HeroLab examined CleverReach as part of their security analyses. This revealed a vulnerability in the  Authentication Bypass Using an Alternate Path or Channel, which was reported to the manufacturer as part of the Responsible Disclosure...

Security Advisories for CA Harvest

Security Advisories for CA Harvest

The analysts at usd HeroLab examined the CA Harvest Software Change Manager as part of their security analyses. This revealed a vulnerability in the CSV export functionality, which was reported to the manufacturer as part of the Responsible Disclosure Policy. The...

Categories

Categories