Establishing a clear picture of security loopholes in our client’s IT infrastructure

Our client asked us to perform a time-limited internal and external host discovery exercise on the infrastructure for two companies, including an internal and external infrastructure assessment of the identified hosts.

We identified 3,500 active hosts from an IP pool of 9,000 and then performed an external assessment on these hosts to locate vulnerabilities that an attacker could exploit. Next, we carried out an unobtrusive scan of the active hosts from an internal perspective. The aim of this phase was to identify any open ports on the hosts that were not visible during the external assessment and to reveal sensitive applications accessible from the internal network.

Based on the overall assessment we found the security of the company's infrastructure to be fair, although we identified a number of high-risk issues that needed to be addressed as soon as possible. These included a situation where documents containing client names, addresses and contact information were located on an external-facing host.

We also found several hosts running outdated software, making them vulnerable to attack, as well as files containing information about the system’s configuration that an attacker could use to gain authorisation to access a service or host. Finally a series of hosts allowed direct connection to MySQL databases over the internet, which meant customer data, user and administration credentials and credit card data were inadequately protected.

Our work gave the client a clear understanding of the flaws and loopholes in its infrastructure and a detailed set of recommendations to improve security controls and raise the level of security awareness across its technical team.