Infrastructure

Internal IT-Infrastructure

The internal IT-infrastructure is the foundation of every company and requires adequate protection.

Scope of the pentest

During this assessment, our ethical hackers are evaluating your internal IT-infrastructure regarding vulnerabilities and misconfigurations.
The test can be conducted on premises or remotely. Our testers require only a VPN connection (remote) or a functioning Ethernet plug (on-premises).

Exemplary test objects:

Mail server

Internal IT systems for e-mail dispatch or retrieval

Web portals

Intranet portals or self-developed web applications

Printers and peripherals

Peripherals such as printers or fax machines in the internal IT-infrastructure

Database sytems

IT systems for the storage and retrieval of data such as MariaDB or MSSQL

File server

Network shares for file exchange via SMB, FTP, etc.

Development environments

IT systems for development, e.g., Jenkins, GitLab, Docker, etc.

5%

On average only about 5 percent of company folders are secured sufficiently. ¹

On average, every employee has access to 11 million files. ²

34%

More than a third of all data leaks were a result of insider threats. ³

Penetration test of the internal IT-infrastructure

Our approach

The pentest approach presented herein includes a security analysis of your internal IT infrastructure from the perspective of an internal attacker. We simulate an attacker with access to the internal network and identify vulnerabilities like oudated software versions, weak access controls or misconfigurations. .

Our tests include an automated vulnerability scan, as well as a manual analysis of all active network services. With your approval found vulnerabilities are actively exploited to demonstrate the real attack potential.

Internal networks are interesting and rewarding targets for attackers, as they are usually less protected than publicly available systems. The test can be conducted on premises or remotely.