Areas
 

IT infrastructure as a concept has been rapidly evolving and expanding. We have been involved in pushing the development of security within modern infrastructures for several years.

Blog

Common infrastructure issues - 2022

We see an increased ambition for penetration testing of networks and infrastructure and want to share the five most common security issues that we've seen during 2022.

Domains, networks, appliances, servers, client devices, etc. constitute a major part of an organization's attack surface. If given an initial foothold on a system within the bounds of a domain, an attacker can often elevate privileges and traverse the network. This is most of the time due to: a lack of proper network access control; users with weak passwords and/or excessive privileges; services running with old and vulnerable software; and very often a lack of detection and response when something unexpected happens.

Adversary simulation vs infrastructure penetration tests

If you have a Security Operations Center (SOC), a Security Information and Event Management (SIEM) system or similar you would want to assess and evaluate your processes. You would also want to know your gaps in detection capabilities and get qualified recommendations on how to improve them. Adversary simulation can be executed either in cooperation with your security operations to identify weaknesses and help mitigating them, or acting as a real attacker to additionally test your organization's (Blue team) response capabilities. These approaches are commonly known as Purple and Red team penetration tests, respectively.

If you're not ready for an assessment of detection and response, and just want to know your infrastructure's weaknesses and how to mitigate them, we recommend a penetration test.

In both cases, we assume the role of an attacker - often equipped with a low privileged user in the domain/network - to, for example:

  • conduct scanning and enumeration of services and network devices;
  • exploit weaknesses related to misconfigurations and vulnerable services;
  • elevate the user privileges from low to Enterprise or Domain administrator rights;
  • move laterally in the network and gain persistence;
  • access any critical infrastructure resources.

The process and identified weaknesses will be documented and delivered in a report and a presentation. When the issues have been resolved or mitigated, we usually conduct a verification test and review the report accordingly.

Security awareness

To better protect your assets you need to make sure your users are aware of security risks and how to avoid common pitfalls. We therefore offer a range of trainings, presentations and workshops, often in conjunction with practical exercises such as phishing campaigns, technical labs and threat modeling sessions. We teach best practices for securing networks and applications as well as security testing methodology.

Threat Landscape Assessments

Knowing your internal IT infrastructure is one thing, but also knowing your online footprint and what you as an organization exposes to the world, within reach of any cunning Open Source Intelligence (OSINT) analyst, is crucial to keep your assets secure. We regularly perform Threat Landscape Asessment (TLA) which is a good measure of an organization's exposure and online security posture and is really quick and efficient, especially when performed on a regular basis.

General advisory

We are often tasked with giving our opinions on best practices and how to address discovered security issues in an advisory role. Our expertise in network security, Windows/Azure domains, server hardening and more can be utilized on a wide range of questions.


Contact us if you are interested in our services regarding IT infrastructure security.