Infrastructure Penetration Testing

Our CREST Certified CHECK Team Leaders (CREST CCT Infrastructure since 2011) have international work experience in penetration testing , security auditing and security management across varying sectors such as Banking, Financial Services and Insurance, Gaming/Gambling, Energy, Entertainment, Transport, Telecommunication, Oil & Gas, Pharmaceutical, and Local governments.

We have successfully executed and delivered several web application and infrastructure security projects for a number of clients rated amongst the top five in BFSI industry. This involved contribution to complex projects with regard to IT security expertise on different aspects i.e. architecture, network, development. A number of large projects/jobs commissioned related to the following main scopes:

  • Big data/Hadoop security assessments (estate wide Cloudera and Hortonworks implementations) including Hive, Impala, Knox, Ranger/Ambari, HBase, HDFS, etc modules security reviews.
    High risk platforms testing such as investment banking products, FIX, and futures trading compiled application assessments
  • SAP security assessments at one of the top retail and commercial banks and a leading British MNC in construction, demolition and agriculture.
  • Pin Entry Device (PED) security assessments for PCI preparation for a major restaurant and coffee chain.
  • Multiple black box internal security assessments

*Internal Infrastructure Testing (Domain wide – Black box testing ) – This is from zero knowledge with only physical access to one network port of your organisation, we attempt at compromising the network , grabbing password database, cracking and analysing the nature of passwords popular within the organisation, auditing the patch management policies, account policies, security settings and how group policy is faring against the server, desktop and other domain systems.

*Internal Infrastructure Testing (Focussed) – This testing differs from the above service with exception of focussed testing on a set of systems. This does not involve any patch management, password cracking areas unless there is a compromise of systems in scope for test. This will provide network footprint picture, along with any vulnerabilities associated with the software/services running on identified open ports.

*External Infrastructure Testing – This is a network infrastructure test performed over the internet. This is mainly performed against internet facing servers such as web servers, email servers, firewalls, and other network devices.

*Hardening Review – Build reviews are performed on the operating systems to prepare organisation for benchmarking internal hardening processes necessary before rolling out new builds or improve existing server operating systems.

*Device Reviews – This area covers auditing configurations from hardening perspective against devices such as switches, routers, firewalls