scenario-based assessment

Workstation Security Assessment

With growing mobility, mobile devices are easily lost or stolen. In addition, client end devices are usually the first IT systems to be compromised by an attacker.

How is your company secured in this case?

Scope of the pentest

In this penetration test, our ethical hackers analyse what impact the compromise or loss of a laptop would have on your organization. By default, our tests are conducted remotely. Optionally, on-premises testing is possible.

Exemplary test objects:

Corporate laptops

We evaluate your corporate device against common hardening measures such as a BIOS password, a secure boot order or full disk encryption. Furthermore, we analyse your operating system for ways of escalating privileges.

Corporate phones

Depending on the mobile device, we attempt to read the disk of the device and exfiltrate sensitive data. Furthermore, we evaluate the mobile devices for misconfigurations and hardening measures.

On average, a laptop is stolen every 53 seconds. ¹

86% of IT professionals report that a laptop was lost in their company. ²

The average financial damage a lost notebook creates is 47.000 USD. ³

Our approach

Nowadays, many companies have several locations or have employees who travel a lot. At the same time, employees' demands on their workplace are increasing. Mobile work devices such as laptops and software solutions such as virtual private networks (VPN) make flexible workplaces and mobile working possible. This has many advantages for companies as well as for their employees, but also harbors potential risks.

According to the research company Gartner, a notebook is stolen every 53 seconds. There are also devices that employees lose. The material loss is manageable for most companies. But what about the loss of the data stored on the device? Many companies are unaware of the opportunities available to criminals following the theft or discovery of a notebook. In addition, client end devices are usually compromised first in cyber attacks, for example in the event of a phishing attack or drive-by download.

In a scenario-based test procedure, we check what impact the compromise or loss of a laptop would have on your organization. The following test contents are used:

  • Analysis of hard disk encryption
  • Analysis of the BIOS backup
  • Analysis of system services
  • Analysis of network communication in the internal network
  • Analysis of the authorization on the file system
  • Analysis of installed software
  • Analysis of the workstation against hardening recommendations (CIS benchmarks)

Based on the results of our analysis, we carry out targeted attacks to extend our rights on the workstation.

Stolen Notebook

Data on notebooks can be protected against unauthorized access by encryption solutions such as BitLocker or other variants. Another option is to additionally secure the systems with so-called BIOS passwords. This would hinder attackers from exchanging the hard disk of the device and otherwise using the computer.

However, there may be implementation errors or ways to actively undermine an implemented protection measure.

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and certified with several recognized hacking certificates.