Infrastructure Security Penetration Testing

Safeguard your critical infrastructure.

Threat actors target an organisation's internal and external networks, searching for vulnerabilities that will enable them to gain access and target your highly sensitive customer and enterprise data. All organisations depend on their network infrastructure to underpin all business processes, and therefore, attackers will attempt to compromise the efficacy of your critical infrastructure to impact your productivity or launch damaging attacks such as Ransomware.

Infrastructure Security Penetration Testing from CSA determines how easily your internal and external networks can be compromised by a threat actor and to what extent they would be able to exploit this access.

How does it work?

Our tried-and-tested methodology ensures that our Infrastructure Security Penetration Testing clients gain full visibility of how their networks can be compromised.

Infrastructure-security-image

1. Scope

The CSA team undertakes a rigorous scoping process which will ensure that the constraints of our testing program are clearly defined. To enable us to design a testing program tailored to your needs, our Consultants will also engage with your team to fully understand your business challenges and context.

2. Reconnaissance & Enumeration

A reconnaissance program is undertaken by our team, in which your infrastructure is thoroughly assessed with a view to identifying opportunities to infiltrate your network.

3. Vulnerability assessment

Our team runs comprehensive vulnerability scans to identify your organisation's key network vulnerabilities. We then determine which vulnerabilities would present the most attractive opportunity to real-world threat actors.

4. Exploitation

Having identified the security weakness that is most likely to be exploited by a threat actor, our team conducts a series of attacks to gain access to your systems.

5. Lateral movement

Our team will attempt to access a range of different systems within your organisation's infrastructure

6. Reporting

Finally, our team delivers a highly detailed report which highlights key vulnerabilities within your infrastructure and provides a prioritised remediation plan to address each one.

External Network Penetration Testing

Our External Network testing demonstrates what an Internet-based attacker with no prior knowledge of the organisation can gain from targeting the perimeter infrastructure. – CSA's network penetration testing specialists perform both passive and active detection of available network services, such as using search engine results and network scanners. – Our team will also undertake port and vulnerability scanning which can identify vulnerable services that are accessible and facing the Internet (for example a database server), with manually-led and creative exploitation of any of these exposed services.

Internal Network Penetration Testing

The internal network penetration test is a manually-led exercise that focuses on what an attacker can compromise given basic access to a corporate network. Our team will undertake a privileged credential scan of the target environment, including both workstation and server systems, along with other network-capable systems. This provides your security team with granular information relating to missing security patches, configuration issues, and common and less well known vulnerabilities fraudsters and other attackers are actively looking to exploit.

Active Directory Review

An increasingly common threat actor tactic is to target an organisation's Active Directory, because this enables them to control all domain-connected devices and services. The Active Directory Review from CSA is a comprehensive security test, in which our team analyses your AD security configuration to identify areas where best practice is not being followed. All findings are delivered via the CSA platform, which provides clear remediation actions to enable your team to secure your Active Directory.

IT Health Check

Organisations that require formalised penetration testing should undertake an IT Health Check from the exclusive list of CHECK providers certified by the National Cyber Security Centre (NCSC). CSA holds NCSC CHECK Green Light status and is committed to employing the latest testing methodologies, which are routinely reviewed and approved by the NCSC and other authorities. Our expert team can undertake a range of network penetration testing processes and audits in line with NCSC standards to provide your organisation with the cyber-security assurance you need.

Build Assurance Review

CSA  provides an array of device assessment services, including workstation, mobile device management and device policy configuration reviews. We provide technical assurance against the specific requirements of your organisation, such as CIS standards or PCI DSS compliance, and cyber risks that your organisation will be facing. Our Build Review Assurance service identifies and highlights the potential impact of an authorised or unauthorised user gaining access with malicious intent. A full security audit is performed against the  scoped  device,  with testing undertaken to identify areas where remediation is required to harden the build process.

Virtual Private Network (VPN) Penetration Testing

Despite their inherent security advantages in comparison to the use of public networks, many cyber-criminals have the capabilities to infiltrate VPNs. Our testing services rigorously assess and benchmark your organisation's VPN infrastructure against best practice guidelines. Our team will undertake in-depth analysis of the features and configuration of your VPN to establish any weaknesses that could be exploited by a threat actor. All of our findings will be provided via the intuitive CSA platform, alongside recommendations on how to enhance your VPN’s security and achieve configuration best practice.

Network Device Review

Today, organisations not only feature complex technology stacks, but their network infrastructures are also comprised of many thousands of connected components, such as switches, routers and firewalls. If these devices are not adequately protected they could offer threat actors opportunities to breach your organisation's network. CSA's Network Device Review service thoroughly assesses your network devices. We undertake a comprehensive review that will enable your organisation to identify vulnerabilities and mis-configurations that exist within your network devices. Our expert team deliver their findings via the CSA Cyber platform, which centralises vulnerability data and simplifies the task of remediation.

Vulnerability Assessment

Our Vulnerability Assessment service is a highly powerful and cost-effective exercise, that enables your organisation to quickly identify all vulnerabilities that exist across your network. Our technology automatically scans your network to detect areas of weakness and misconfiguration. Following the assessment, our findings are delivered via the CSA Cyber platform which provides an intuitive workflow to assist your team with the task of manually investigating each vulnerability.

Wireless Network Penetration Testing

It is essential that your organisation's wireless networks are configured to utilise the strongest available encryption and authentication methods. CSA's Wireless Network Penetration Testing services identify any insecure encryption or authentication methods as well as any system misconfigurations which could be exploited by a threat actor. Our expert team will discover any rogue access points that may be connected to internal networks and will also highlight all wireless network segregation issues which allow ‘guest’ networks to interact with internal network services. We obtain and attempt to crack WPA/WPA2 pre-shared-keys (PSK’s) for your networks to identify insecurely configured passphrases, to ensure that your organisation's use of wireless technology is aligned with security best practice.