Network Security

  • A review of your Active Directory (AD) environment aims to identify any misconfigurations or attack paths within your internal network. Specifically, it looks at what an adversary with a foothold within your internal network could leverage to gain access to sensitive information, deploy ransomware, or achieve specific objectives.

  • Server host reviews identify weaknesses in a server’s configuration, specifically looking into ways to harden the overall build, identify privilege escalation vectors, and understand if there is any outdated or vulnerable software in use.

  • Network assessments can be flexible to your requirements. They can be conducted on your externally or internally facing assets. Typically, the aim is to identify different attack paths that could be abused to gain a foothold or move laterally within your network.

  • Network scanning can be conducted to fingerprint services with known vulnerabilities running on your internal or external networks.

  • Network segmentation is a crucial part of protecting sensitive assets within a network. Segmentation helps prevent lateral movement and pivoting techniques. Reviewing these rulesets helps to identify any overly permissive rules or areas that are unnecessarily exposed.

What is Network Security Testing?

With the reliance on services such as Active Directory, and the effort and complexity required to migrate to more modern solutions, network security testing (Penetration Testing) as we know it will roughly stay the same. Large payment systems or bespoke products and services necessitate on-premise infrastructure. This allows them to run complex and custom workloads that don't fit into cloud-native solutions. Therefore, a large attack surface still exists and cannot be abstracted away by modern cloud providers for the foreseeable future.

Network security is an extremely broad term and covers a range of topics not included within our listed services. However, we can offer a wide range of services outside of the common items listed above. If you have a problem that doesn't fit into one of our categories, reach out so we can discuss further.

Active Directory Review.

 

Active Directory (AD) is an unavoidable solution for any sizeable enterprise. It provides the fundamentals to centrally store, organize, and manage devices and users. Due to the rich and often complex feature sets that can extend Active Directory Domain Services (ADDS), organisations are often left unintentionally exposed to threats internally within their organisation.

A review of your Active Directory (AD) environment aims to identify any misconfigurations or attack paths within your internal network. Specifically, it looks at what an adversary with a foothold on your internal network could leverage to gain access to sensitive information, deploy ransomware, or achieve specific objectives.

A review of an AD environment typically consists of the following activities:

  • Enumerate the available attack surface and identify assets of significance

  • Leverage BloodHound to map out attack paths

  • Identify misconfigured or overly permissive ACLs

  • Review GPOs for misconfigurations

  • Kerberoasting and Relay-based attacks

  • Audit Active Directory Certificate Services (ADCS)

  • Enumerate and abuse SCCM

  • Dumping credentials and password spraying

  • Credential reuse

  • Silver/Golden ticket-based attacks

  • Abuse MSSQL linked servers and trusts

  • Printer abuse

Server Host Reviews.

 

The idea of reviewing the Operating System (OS) of a server, whether that be Windows or Unix, is to gain an understanding of its overall attack surface. When conducting a host review, you can expect a consultant to aim to identify privilege escalation paths and general configuration hardening that can be applied to improve its overall security posture. A list of several areas that will be covered can be found below:

  • File permissions and ownership

  • Logging capabilities

  • Users and groups

  • Host-based firewall configuration

  • DLL path checks

  • Scheduled Jobs

  • Privilege Escalation Vectors

  • Outdated and Vulnerable Software

  • Running Services

  • Antivirus Configuration

  • Registry Settings

Our methodology for conducting host build reviews encompasses industry standards such as NIST, ISO 27001 and the CIS Benchmark, combined with our expert knowledge and experience conducting these types of assessments.

Network Security Assessment.

 

Network Scanning

Network scanning aims to identify the security posture of an entire network or network segment, either internally or externally. Network scans are typically conducted from an unauthenticated or low-privileged perspective and can be used to identify vulnerable or misconfigured services on your assets.

Internal Network Security Assessment

An internal network assessment begins from the perspective of an “assumed breach”. The idea is to understand what a threat actor could achieve if they had got a foothold within your organisation. The position in which we start in the network can vary: a user's workstation, file server, mail server, etc.

The objective is to extract credentials, leverage existing remote access systems and identify vulnerabilities to pivot further into the network. This is usually to achieve a specific objective or gain access to a specific network segment; however, it can be tailored to suit your requirements.

External Network Security Assessment

An external network assessment aims to map out your external attack surface. Starting from a range of IP addresses, several enumeration and reconnaissance activities will be conducted, including Open Source Intelligence Gathering (OSINT).

Once complete, scanning of the IP ranges will be conducted to identify live hosts. From there, unauthenticated network scanning and manual exploitation of any exposed services or applications will be conducted to try and achieve a foothold into the network.

However, this is not the only objective. Any vulnerabilities found that did not lead to direct exploitation but still pose a risk to the organisation will also be raised, in line with a strong defence-in-depth approach to security.

Firewall Configuration Review.

 

Firewalls form an important part of securing any internal network as they define traffic flows to and from sensitive assets. A firewall configuration review is designed to ensure the configuration of network rulesets is secure and maintained over time. Typically, as business requirements change and new devices and services are added over time, these rulesets can become affected, leading to unintentional gaps in protection.

FAQs

 

What is the process for conducting a penetration test?

A high-level methodology for conducting a security assessment can be found here.

How long does a typical engagement take?

The duration of an engagement depends on the size and complexity of your solution, the scope of the testing, and the specific objectives of the assessment. On average, an engagement can last anywhere from a few days to several weeks. Our team will provide you with a detailed timeline and schedule to ensure minimal disruption to your business operations during the testing process.

What deliverables can we expect from a penetration testing engagement?

At the conclusion of the penetration testing engagement, you will receive a comprehensive PDF report detailing the findings, vulnerabilities discovered, and recommended remediation steps. The report will include an executive summary, technical details of the vulnerabilities identified, risk prioritisation, and actionable recommendations to strengthen your security posture. Our team will also be available to provide guidance and support in implementing the recommended remediation measures.

What is a security assessment, and why do we need it?

Security assessments (Penetration tests) are a method of evaluating the security of computer systems, networks, or applications by simulating real-world attacks. They help identify vulnerabilities and weaknesses that malicious actors could exploit. By conducting security assessments, businesses can proactively strengthen their security measures and protect their sensitive data from potential cyber threats.

How can I carry out a security assessment with you?

Get in touch! Use our contact form here and provide us with background and context on the project and we will get back to you to arrange a call.

How often should we conduct penetration testing?

The frequency of testing depends on various factors such as changes in your network infrastructure, the introduction of new systems or applications, regulatory requirements, and the level of risk tolerance within your organization. Typically, it's recommended to conduct testing at least once a year, but more frequent testing may be necessary for high-risk environments or industries.

Security assessments are flexible and can often benefit from the shift-left approach to software development: conducting smaller, more regular assessments as part of the development lifecycle. This can help catch vulnerabilities early in their lifetime before they make it into products or services.