Check Network Security with Infrastructure Pentests

Newer companies may not yet have their network security under control. Conversely, more mature companies often have large and multi-layered networks that quickly become error-prone. We can help you audit your networks and protect assets with a pentest. From mail servers to firewall testing, we'll find the vulnerabilities in your systems!

Definition and Explanation

What is Infrastructure Penetration Testing?

An infrastructure penetration test provides your organization with a security analysis of the effectiveness of your internal as well as external security systems. As the basis for secure applications and communications, systems and infrastructures as well as network security must not be neglected. This guideline applies to organizations of all sizes especially critical infrastructures (CRITIS). Advanced knowledge of server operating systems, transport encryption and infrastructure configuration enables our pentesters to find security gaps in your IT infrastructure and apply problem solutions. For this purpose, manual as well as automated scans are performed, evaluated and appropriate countermeasures are initiated.

Servers, Endpoints, IoT and Networks

Penetration Testing for Infrastructures

Advanced knowledge of server operating systems, transport encryption and infrastructure configuration enables our penetration testers to find security vulnerabilities in your IT infrastructure and apply problem solutions. For this purpose, manual as well as automated scans are performed and evaluated in order to initiate appropriate countermeasures.

Infrastructure Cyber Security

Find Cyber Security Gaps with an Infrastructure Pen Test from turingpoint.

We audit your network security and protect your assets from inside and outside attackers with modern cyber security!

Infrastructure Components: Infrastructure components such as server systems, web servers, operating systems, general network protocols, process networks, machine lines, VPN systems, Active Directories (AD), Internet of Things (IoT) devices, WLAN networks, databases and firewalls can be tested.
Virtualizations or Containerization: Use our comprehensive security certificate to prove to customers the high security level of your applications and infrastructures. Successful accreditation is preceded by a cloud assessment or penetration test.
Compliance and Safety Recommendation: In IT security, there are many guidelines that must be adhered to. In case of non-compliance, these usually do not represent a vulnerability in the classical sense. We also check existing compliance guidelines or adapt our security recommendation for your company.

Situational Penetration Test

Scenario Based Penetration Test

It is possible to perform a penetration test in the context of a specific scenario. This approach makes sense if you only need to check a specific attack vector.

Alignment with OSSTMM, NIST, PCIDSS, and PTES is also available upon request.

Evil Employee: Many attacks are carried out by internal perpetrators. What rights can an employee unknowingly gain to manipulate processes or data?
Stolen Notebook: The breach of mobile devices can have catastrophic effects on the integrity of organizations. We evaluate hardening measures or vulnerabilities in cell phones and laptops !
Lateral Movement: A server has been compromised and you want to know how far an attacker can move in your system landscape?

Learn more about Performing Penetration Tests with turingpoint!

More information

Pentest for Servers, IoT, WLAN and Firewalls

Higher Network Security with a Standardized Infrastructure Penetration Ttest

Basically, the longer our security engineers perform the infrastructure penetration test and check network security, the more meaningful the results. Our IT security test follows proven procedures and modules. If you have special requirements, we will be happy to make you an individual offer.

Information Collection: There are direct and indirect methods of search engine search and reconnaissance. Direct methods refer to searching the indexes and related content from the cache. Indirect methods refer to gathering sensitive design and configuration information by searching forums, newsgroups, and site alerts. Host discorvery with port scans for enumeration of services is also included in this package.
Firewall Test: Firewall rules and policies control data traffic between LAN and Internet. These rules can be used to restrictively seal off one's own network against external influences - and without affecting the generally required Internet traffic. At the same time, however, faulty rules can also create new vulnerabilities. Therefore, it is advisable to test, continuously monitor and control your firewall.
Patch Management: The term patch management refers to the strategic control for importing system updates, which are used to close security gaps in software applications that have only been identified after market launch. Outdated software packages or frameworks from external sources should always be up to date.
VPN Analysis: Even if high-quality encryption is normally used today, a misconfiguration in the server can result in weak encryption - or in the worst case, no encryption - being enforced, allowing an attacker to gain access to the supposedly secure communication channel.
Privilege Escalation: For this purpose, an error (bug) in the operating system or the software is usually used. In most cases, program code is needed to perform the escalation. Privilege escalation is most often used to obtain root privileges. Such tools (possibly in conjunction with certain actions) are called exploits.
Network Manipulation: An attacker exploits features of the infrastructure to perform attacks on network objects or to cause a change in the ordinary flow of information between network objects. Most often, this involves manipulating the routing of messages so that instead of arriving at their intended destination, they are directed at an entity of the attackers.
Active Directory (AD): We use graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. In this way, highly complex attack paths can be identified that would otherwise be very difficult to detect.
IoT Devices (Internet of Things): The methods for assessing security and hardening measures in the environment of IoT (Internet of Things) devices are by no means exclusive mechanisms found only in this area. Rather, they are the application of various measures at the software, operating system, and network levels to ensure information security.
Advanced vulnerability Analysis: Our vulnerability scans reliably find gaps such as Spectre or Meltdown, Solorigate, ProxyLogon, Ripple20 or ransomware such as WannaCry.
Public Key Infrastructures: The PKI is an important component of a solid security concept and describes a cryptographic trust anchor. Within this framework, every device and every user must identify themselves. Only with successful authentication is it then possible to enable secure communication or connection between two endpoints.

Current information

Recent Blog Articles

Our employees regularly publish articles on the subject of IT security

Infrastructure Penetration Test

Effort Estimation of Penetration Tests Using the Timeboxing Method

Timeboxing is a central concept of agile software development and is being used in more and more areas. Basically, a timebox refers to the time you have to complete a task.