Pentest Logo

Insight

Internal infrastructure test to take away?

COVID-19 has meant that traditional onsite testing (such as internal infrastructure testing) is just not possible, and like many other organizations, we’ve had to adapt quickly, continuing to support our clients during this difficult time in whatever way we can.

So, how are we able to conduct internal infrastructure tests without being physically onsite? We have a couple of options: a pre-configured box approach or VM approach. Both options allow us to have our tools running locally on your network, rather than having to tunnel everything over a VPN connection, which can introduce technical problems.

Each option has its benefits and we work with clients to understand which method is best suited to individual requirements. Where clients have not wanted to set up a VPN, the pre-configured laptop solution has provided an alternative option.

The pre-configured laptop approach is an internal test which takes an external approach. Instead of sending a consultant onsite, a pre-configured device will be sent to the client, this device is physically connected to the internal network and will ‘call-home’ automatically, provided a suitable secure network route can be established. This allows our consultants to conduct the internal test remotely, via a secure connection.

Sounds great, so why don’t we do this for every internal infrastructure test? Well, firstly there are limitations on what can be tested through a pre-configured laptop approach and we are not able to cover all the aspects of infrastructure testing that we usually would. Secondly, and this is one for post lockdown, clients often benefit from having someone physically onsite to explain the issues whilst the test is ongoing, passing on their wealth of expertise. Thirdly, companies may be concerned about the idea of introducing an additional route into their network, or may have policy restrictions which prevent non-approved devices being connected to the corporate network. This could be the case when information held on a network is highly sensitive and clients don’t want to introduce further risk.

We know this approach isn’t right for everyone, however it can be extremely beneficial to organizations who continue to need security assurances around their internal infrastructure when having consultants onsite is either impractical (geographically remote locations) or due to restrictions (such as lockdown).

Looking for more than just a test provider?

Get in touch with our team and find out how our tailored services can provide you with the cybersecurity confidence you need.