Our client, a major investment authority, wanted to be confident that its internal network was adequately secured. So we conducted in-depth penetration testing across the network, covering a wide range of IP addresses, servers and workstations. Our testing found overall security on the network was poor and we identified many scenarios where it was possible to exploit vulnerabilities to gain privileged access to the network.
For example, we were able to gain access to the main corporate network by exploiting poor security for the wireless network. In addition, we found the latest security patches had not been installed on many of the hosts, with some missing patches dating back a number of years. As a result, we were able to exploit the client’s systems with very simple 'point and click' techniques. Other issues we found included out-of-date versions of third-party software, which allowed us to exploit remote code execution, and poor configuration of Windows servers, which made it possible to compromise the entire Windows domain.
A key flaw lay in the use of a flat network structure, which gave all users access to all network areas, including the management of internet phone services. We recommended that the network should be segregated using VLANs and/or internal firewalls and helped the client identify the most critical and sensitive segments that required priority action.
Our work alerted the client to the high-risk issues affecting the network and provided detailed recommendations for resolving them in order to strengthen network security.
If your business requires a vulnerability assessment, speak to one of our penetration testers today or read more about our technical security and penetration testing capabilities.
If you would like to develop your own knowledge and skills in the latest information security testing techniques, then find out about our range of expert-led cyber security training courses.