Pinpointing a small but significant security weakness in a complex IT infrastructure

A complex IT infrastructure requires a rigorous focus on information security, but even when this is present, a single issue missed can expose data assets to danger. This is the type of vulnerability a complete infrastructure assessment can reveal.

Our client’s infrastructure used a variety of devices and technologies such as routers, firewalls, VPNs, Citrix environments and a multitude of servers and different end user systems. The company asked us to carry out a comprehensive assessment to confirm that this complex environment was sufficiently protected from potential cyber security threats both internally and externally.

We scanned and analysed the external infrastructure for potential vulnerabilities and also spent time on site at both of the client’s offices, assessing the security of the internal network and of the wireless networks.

We found the overall security posture to be good. We were unable, for example, to compromise the client’s wireless networks when we mounted attacks to try to discover the clear text passwords. We did, however, pick up a single but potentially serious issue at one of the company’s offices. This related to weak permissions on accessible network shares that could help an attacker acquire escalated privileges on the domain.

Following our assessment, our penetration testing experts delivered a detailed remediation report for each of the client’s two offices to allow the issues we had identified to be addressed site by site and ensure none was missed. We also produced an additional report covering the client’s perimeter security, analysing each issue meticulously and recommending remedial action. Our report showed that fixing the single, most serious issue identified would resolve a range of other issues, allowing the client to improve network security significantly with relatively little effort.

Our work gave the client a clear picture of the effectiveness of security arrangements and pinpointed a single issue within a complex environment that compromised an otherwise strong security posture.

If your business requires a vulnerability assessment, speak to one of our cyber security experts today about technical security and penetration testing capabilities. 

If you would like to develop your own knowledge and skills in the latest growing information security testing techniques, then find out about our range ​of expert-led cyber security training courses.​