Your external infrastructure is also known as your public-facing infrastructure, is defined as all systems and services that are publicly accessible.
This is likely to include firewalls, routers, servers, and any other service which has a routable IP address. Whether it’s a cloud-based storage interface or your corporate web application they are all classed as external infrastructure.
External Infrastructure assessments identify what is possible from an external attackers’ perspective, which systems are accessible from the public domain and how they could potentially be exploited.
The general approach is to identify as much information as possible about your business or organisation. This is done using open-source intelligence (OSINT), utilising various sources of information such as email addresses, employee names and roles, potential usernames, software utilisation, directory, and folder structures, and operating systems are harvested.
WIRED | René Gielen, VP of Apache Struts, https://www.wired.com/story/equifax-breach-no-excuse/
The more information an assailant has, the more useful it becomes. As such, this should be addressed by any organisation that has a low-risk tolerance when it comes to cybersecurity.
Unfortunately, some aspects cannot easily be controlled; however, being aware of their existence and how the information can be weaponised goes a long way in focusing attention and dealing with areas that require it.
An automated scan is undertaken to identify any low hanging fruit, each system and each service is then manually interrogated for security concerns.
Laneden works closely with our clients to understand their drivers and build an appropriate scope of works.
We provide a thorough and independent examination of your corporate infrastructure to identify security vulnerabilities within the software, systems and network configurations.
We can provide an on-site debriefing of the findings explaining how attackers could potentially gain control of your systems and exfiltrate data.
A comprehensive report is written containing an executive summary which is consumable by anyone in the organisation regardless of their technical background.
The well-defined report contains enough detail to allow you to not only understand the potential attack vectors but also concise and clear guidance on how to either mitigate or remediate the concerns.
WIRED| Bas van Schaik, Researcher Semmle, https://www.wired.com/story/equifax-breach-no-excuse/
Using a combination of automated and manual testing, our consultants will conduct a thorough assessment of your infrastructure, identifying vulnerabilities that may be exploitable by both authenticated and unauthenticated users across your network.
The use of automated tools and in-depth knowledge of manual testing allows us to accurately and effectively assess your infrastructure, maximising the time available.
Assessments are conducted in line with the current standards and methodologies utilised in the industry, such as those outlined in the Penetration Testing Execution Standard (PTES). Using PTES as guidance, Laneden defines our approach in six phases:
- Pre-engagement
- Intelligence Gathering
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
Our consultants engage with the client to discuss the scope and make certain all is in order prior to the assessment beginning
Communications at the beginning and end of each assessment day, confirming either the assessment is starting or ending for the day.
On-going communications from the engaged engineer, highlighting any major issues as they come across them.
A comprehensive report is provided containing an executive summary which gets right to the point of the associated risks and is consumable by anyone in the organisation regardless of their technical background.
Clear and concise information describing each issue to hand.
Technical references will be provided when relevant, allowing you to gather more information on the vulnerability if required.
Each vulnerability will be put into context and given a risk-based score. Utilising CVSS 3 scoring and relevant context you can get a real picture for each associated risk.
Simple remediation advice, advising what is required to remediate the relevant vulnerability.
FREQUENTLY ASKED QUESTIONS
PTES is standard designed to provide both businesses and security service providers with a common understanding and framework for performing penetration testing.
Generally, external infrastructure assessments or external penetration tests, look to identify security concerns within any publicly accessible server or service.
Laneden does not only look to identify known security vulnerabilities and exploit them. Our experienced engineers use open source information gathering techniques similar to those utilised by malicious actors, to identify as much information as possible on your organisation.
This information is then used to build real-life attack scenarios across vectors such as credential stuffing and password attacks. Giving you a real view of the risks associated with your public footprint.
Infrastructure penetration testing or vulnerability assessments can provide assurance that systems and security controls have been configured securely with best security practices in mind.
Provide assurance that no common or publicly known vulnerabilities are affecting your systems.
Help identify potential attacks vectors associated with any information you or your organisation may have publicly available.
If vulnerabilities are identified they can be remediated prior to a malicious actor taking advantage of them.
Common vulnerability identification and management
Potentially avoid extra costs and reputation damage due to a breach via a commonly known vulnerability
Helps identify security concerns before any malicious actors can abuse them
Provide evidence of compliance with regulatory bodies
To provide assurance to customers, suppliers and partners, proving you are taking measures to produce secure services and protect their data
Provide insight into potential risks associated with your network
Help identify publically available information that could be used to attack your organisation
Provide critical input into your risk management programs
Assessments are priced based on the size of the relevant engagement, how many servers form the scope and any relevant complexities surrounding any scenario-driven requirements. Once requirements and drivers are understood a statement of works measured in days is produced.
The statement of works will describe the total man-days required to fulfil the engagement, priced per man day.
Infrastructure assessment scoping is reasonably straight forward, our experienced consultants are able to confirm how many days would be required to complete the engagement based the amount of systems in scope.