Remote Access Assessment
Whether it's a mobile workforce or remote support teams, ensuring the security of remote access setups is business critical.
Increasing cloud implementations are paving the way for flexible working options not restricted to corporate networks. In any business, round-the-clock support teams, mobile workforces and third parties are increasingly dependent upon the remote access solution to access internal resources. This direct access to internal networks from outside is an opportunity for threat actors. This is a high business impact threat.
A remote access solution may include multiple different setups for one business, e.g. SSL VPNs, Citrix or Remote Desktop Protocol (RDP) based access, or other service-specific access solutions.
In our experience, the most common areas of weakness in these exercises relate to network segregation, authentication vulnerabilities, authorization weaknesses, defensive measures and lack of logging and monitoring controls.
The assessment-execution phase is followed by analysis and reporting. Defendza performs analysis on the testing output and evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as technical audiences with supporting raw data, including mitigation measures at strategic and tactical levels.
Cybersecurity is only effective when it is proactive. By identifying weaknesses and vulnerabilities before they are exploited, you ensure the integrity of your network. Frequent security assessments also create a more efficient system, helping to prevent data loss and minimise any downtime that would affect your business and your customers.
Event logging provides you with visibility into the operation of your device and the network into which it is deployed. We review how the logs are configured and stored for all the devices under review.
The very purpose of security is to be proactive and make it challenging for a threat actor attempting to compromise your network. This might not be enough, and you need to be able to detect actual breaches as they are being attempted. Reviewing logs regularly could help identify malicious attacks on your device or network in general.
No one doubts the talent and commitment of your in-house administrators and developers, or the great work they’re doing. But by having a third party come in and perform an independent cybersecurity audit and review of your systems, you can ensure that no stone is left unturned. Our team of skilled cybersecurity experts will help to identify any vulnerabilities and weaknesses your team may have missed.
Checks would be made for outbound connections to our cloud-based droplets. The aim is to identify possibilities for leaking sensitive information from the locked-down environment.
We attempt to download a simple virus string within the remote desktop environment to assess the host-based protection in place. If AV is present, we identify the signature status and review the settings applied to this software.
We review the authentication mechanism in place for remote desktop users. At times, some services, systems or even servers are configured only to use a weak form of authentication (such as a default or a weak password). This is inherently insecure compared to multi-factor authentication and may lead to security breaches if a user’s password is compromised.
Often remote users have similar access to internal users and are provided access to all the internal shared drives and folders. We check whether this is the case.
Attempts would be made to perform reconnaissance of the internal network from the locked-down session established. This is to assess the internal network routing in place as well as the remote user segregation applied to the session.
Environment breakout is the ability to break out of an otherwise controlled environment or a published application. This is often the end goal for an attacker because it can be used as an initial foothold into the environment and domain. In fact, given enough time, complete enterprise compromise can be achieved if the attacker discovers methods to escalate privileges and propagate throughout the network.
From the knowledge gained about the VPN solution/hardware in use, we would then focus on the type of authentication implemented. It is important to keep in mind that not every VPN solution will be susceptible to this fingerprinting, and there will not always be exploits available for a threat actor to use. However, it can reveal some basic information about the solution itself, such as the authentication mechanism implemented, which could help a potential attacker plan a brute force or key hash (PSK) capture attack. There are several open-source tools and software packages available which will automate the process of exploiting specific weaknesses in a VPN.
In this phase, we profile the target, i.e. a network, a server, or a device. This is a non-intrusive exercise and involves activities like analysing the network, understanding the different assets and services, operating systems, programs in use, and anything related to network layout. This is a fundamental step and helps to prepare for the next stage of finalising targets and finding weaknesses.
Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.
Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.
Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.
Much of the manufacturing industry has failed to take proactive steps to defend against cyber attacks—which is a notable problem considering the growing threats the industry faces