The infrastructure of an organisation includes many standard components such as routers, firewalls, web, proxy and application servers, databases, and so on. If these components are not correctly configured and/or hardened, there is the possibility that third parties, using existing vulnerabilities, may cause damage in terms of availability, integrity and/or confidentiality. An infrastructure assessment identifies vulnerabilities in this category. During infrastructure assessment, Qbit often works from the outside to the inside.
Our security assessment come in different flavours. To gain insight in the level of security of infrastructure components like system software, operating systems and/or firewalls Qbit carries out so called infrastructure assessments. Qbit not only assesses if the component has known vulnerabilities, is incorrectly configured and/or insufficiently hardened, also clear and practical recommendations are provided. For example, considering the network segmentation.
The method used is based on the guidelines laid down in the Open Source Security Testing Methodology Manual
An infrastructure assessment has three modules:
- Reconnaissance (Open Source Intelligence)
- Remote host-assessment (penetration test)
- Local host-assessment