External infrastructure

By external infrastructure, we mean every company system that can be reached via the Internet. Because these systems are publicly accessible, the attack potential is correspondingly large. Almost every company has interfaces to the outside, for example through VPN servers, mail servers, and cloud infrastructure.

By the way: Through Attack Surface Determination (OSINT), we find out what of your company is visible from the outside, and in the Mail Security Check, we test the security of your mail servers.

Why Pentests of External Infrastructure

Our most important reasons for pentests of external infrastructure:

  • Uncover vulnerabilities that allow access to the internal corporate network before attackers do
  • Know where and what information is visible externally, for example details about deployed software that attackers could record and later use for a targeted attack in the case of zero days
  • Uncover fundamental misconfigurations in the mail server that allow delivery of emails from spoofed senders or verification of valid email addresses
  • Assess the risk of an attack
  • Know and reduce the attack surface

When to Conduct Pentests of External Infrastructure

In our view, the best times are:

  • As a starting point to address the security of your external network
  • During infrastructure changes
  • Regularly, to test vulnerabilities against new attack methods
  • In addition to pentests, regular automated vulnerability scans are recommended, which can detect vulnerable software versions, for example

Results

Typical pentest results are:

  • Rather rare, but all the more important: vulnerabilities that allow access to the internal infrastructure
  • Assessment of the security level of the external infrastructure
  • Deficiencies in mail server configuration
  • Hardening deficiencies

What we need from you

For the pentest of an external infrastructure, we need from you:

  • IP addresses of the systems we should examine
  • Whitelisting of our IP address in any protective systems, Web Application Firewalls (WAF), and Intrusion Prevention Systems (IPS)

Book a free initial consultation now

Whether it’s a pentest, red teaming, or “something in between”—
we look forward to talking to you!