Infrastructure and Network Penetration Testing


URM is able to perform an internal or external penetration test against all network services associated with your organisation, location or service (e.g. remote access via a VPN or web application).

URM can perform the following types of infrastructure testing:

  • External network penetration testing – the purpose of this testing is to review your organisation’s systems from a public perspective (as an unauthenticated external user). This testing will determine what information and services are publicly accessible, and whether there are any vulnerabilities that could lead to internal systems or information being exploited. This testing might cover reviewing a VPN, FTP, email or web service. For each specific service, URM will look to perform appropriate testing, e.g. reviewing the web services for OWASP (Open Web Application Security Project) Top Ten vulnerabilities on any publicly available pages (e.g. login pages).

  • Internal network penetration testing – should an attacker gain physical access to your network, an internal penetration test will explore the potential issues that they can discover and exploit to gain access to information and services. URM can include testing of wireless networks. This is particularly important if your organisation provides a public Wi-Fi service to users using infrastructure that is shared with your corporate environment.

URM’s Approach to Infrastructure and Network Penetration Testing

For infrastructure testing, URM can work with you to design something which is both tailored and appropriate to your organisation. URM will agree with you an appropriate reporting mechanism and ensure that all findings identified include recommended remediation.

Examples of vulnerabilities identified by our infrastructure and network penetration testing include:

  • Misconfigured services allowing public access to systems that should be restricted, e.g. CCTV monitoring applications not restricted or public disclosure of intranet applications

  • Unpatched or out-of-date system software leading to vulnerabilities that result in unauthorised information access

  • Systems not keeping pace with the latest best practice configuration standards

All of URM’s penetration testing engagements utilise the following methodology:

  1. Pre-Engagement Analysis: URM recommends a kick-off meeting is scheduled where information is sought on the design, architecture and systems (if a grey box test is being conducted).

  2. Publicly Available Intelligence Gathering: This phase of the engagement focuses on identifying (where possible) targets for the testing using passive means or public sources (DNS, for example).

  3. Vulnerability Analysis: Understanding and enumerating the network services that are available to determine vulnerabilities within the current versions of software or any misconfiguration.

  4. Exploitation: Once services have been identified, performing a combination of manual and automated tests to further uncover security vulnerabilities.

  5. Post Exploitation: Analysing the gathered data and results of the various reviews. The analysis includes categorising the detected vulnerabilities and prioritising them against the business and technical context.

  6. Report documentation: This phase of the engagement will include compiling the results of the penetration testing and providing comprehensive risk-based findings for all issues found. As with all deliverables within URM, the report will be reviewed to ensure quality and accuracy.

What People Say About Us:

“URM were super helpful and knowledgeable, talking and walking me through each one of the tests and providing some useful information on security and how to improve things in the future.”

 

“I was very impressed with how the process went on testing day and I can’t wait to take other clients through the process with URM.”

 

“Having never gone through the Cyber Essentials Plus process on behalf of a client I was very impressed with how the process went on testing day and I can’t wait to take other clients through the process with URM.”

 

“This was a great exercise for the business to go through as some gaps were found and URM provided valuable information on remediation.”

About URM

URM is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information security, data protection, business continuity and risk management.

Our office is open 08:00 – 17:30 Monday to Friday.

Email: info@urmconsulting.com
Phone: +44 (0)118 206 5410