Connect and Go: The usd OrangeBox Makes Preparing for Remote Pentests Easy

12. April 2024

A penetration test or pentest provides answers to the question of whether attackers can penetrate your IT infrastructure. There are two ways in which our security analysts can carry out a pentest of your systems and applications: on site or remotely.

Remote access is particularly suitable if the IP addresses to be tested are accessible from the internet, which is the case for websites or online stores, for example. Systems and applications that are not accessible from the Internet have traditionally been tested directly on your premises. However, the presence of our analysts on site is often neither necessary nor the most efficient and practical solution for carrying out a pentest. A remote pentest, for example with the usd OrangeBox, can cover the same attack scenarios and the same scope of testing as an on-site pentest.

Preparation for remote pentests

We have been offering you the option of setting up a secure connection between the usd HeroLab's high-security network and your network to be tested via site-to-site VPN for years. However, setting up site-to-site VPN connections requires appropriate specialist personnel and time expenditure on your part.

The experts at usd HeroLabs have developed the usd OrangeBox to make setting up a secure connection easier and more resource-efficient for you.

The usd OrangeBox is a wonderful addition to existing remote pentesting procedures. It enables the simple and easy establishment of secure site-to-site connections for pentesting with usd.

Markus Ritter, Managing Security Consultant, usd HeroLab

Secure connection via the usd OrangeBox

The usd OrangeBox enables remote pentesting of systems and applications in internal networks with a high level of security and efficiency. It is based on highly reliable and open technologies and works on a VPN basis. The encryption methods used comply with the recommendations of the German Federal Office for Information Security (BSI). Dedicated firewalls and strict authorizations ensure that only those security analysts who are actively involved in carrying out your pentest have access to the connected networks. In this way, the OrangeBox automatically enables a secure connection between your network and the usd HeroLab's high-security network.

Setting up the usd OrangeBox

usd OrangeBox as Hardware makes preparing for remote pentests easier
usd OrangeBox - Hardware

You will receive the usd OrangeBox from us electronically as a virtual machine or by post as hardware. Connect the OrangeBox to the network to be tested and make sure that it can establish an HTTPS connection (directly or via Internet proxy) to our network. Further access to the Internet or accessibility from the Internet is not required. If this condition is met and the usd OrangeBox has access to the systems to be tested, it automatically establishes an encrypted VPN connection to the usd HeroLab's high-security network. The usd OrangeBox can be placed in any network and can be adapted to your individual requirements at any time - be it the consideration of several locations or the connection to several networks. The VPN connection is terminated as soon as you remove the box from your network or shut down the virtual machine.

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories