PENTEST: SYSTEMSPROTECT YOUR NETWORK & IT SYSTEMS
WHAT ARE ENTRY POINTS FOR ATTACKERS?
Whether network components, servers or work stations, the security of all IT system components is one of the most important aspects of corporate IT security. Depending on the system to be tested, we differentiate between internal and external pentests: Internal tests simulate an attack by a hacker who has already gained access to the internal network, e.g. through unauthorized physical access. External tests simulate an attack via the internet in which hackers attempt to access your IT systems.
Vulnerabilities in external IT systems accessible from the internet are often used as an initial entry point. Through vulnerabilities in the internal IT system, attackers may be able to infiltrate the corporate network and spread further, enabling them to hijack or manipulate sensitive data, as well as target other users on the network. Loss of confidentiality, integrity and availability of information are possible consequences of a successful attack.
Our system pentest is an effective security measure to comprehensively analyze your systems for these vulnerabilities.
COMMON VULNERABILITIES INCLUDE:
- Insecurely configured services
- Lack of or insufficient authentication mechanisms
- Unauthorized access to information and functionalities
WHAT IS OUR APPROACH?
Our pentests are conducted according to a standardized approach, which is enhanced by specific aspects for system pentests:
Our security analysts rely on a combination of standardized tools and the usd HeroLab Toolchain for system-level pentests. Our in-house development Icebreaker Platform assumes a central role by enabling a fast and reliable initial analysis of systems. Our security analysts base their manual analysis on these findings and analyze all identified services and ports. Known ports are analyzed comprehensively based on best practices and through specialized testing methods. Unknown ports (for example your in-house development) are analyzed on system level to identify possible attack vectors.
WHAT CHECKS ARE INCLUDED?
These checks are included pentests on the network and operating system levels:
- Identification of all accessible IT systems including system services using host and service discovery
- Automated check of all accessible system services using a state-of-the-art vulnerability scanner
- Checking system services for logic vulnerabilities and checking for the possibility of combining different identified vulnerabilities
- Search for publicly known vulnerabilities
- Exploitation of identified vulnerabilities using available or customized exploits (by arrangement)
- Manual verification of the system service encryption (SSL/TLS)
- Interacting with system services (e.g. via command line or other script languages) to identify misconfigurations or vulnerabilities