Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Remote Access Assessment

Whether it's mobile workforce or remote support teams, ensuring security of the remote access setups is business critical

Find out more
Complete this form to get in touch

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

Increasing cloud implementations are paving way the for flexible working options not restricted to corporate networks. For any corporate, round the clock support teams, mobile workforce or third parties are increasingly dependent upon the remote access solution to access internal resources. This direct access to internal networks from outside acts as an opportunity for threat actors. This is a high business impact threat.

A remote access solution may include multiple different setups for one business i.e..., SSL VPNs, Citrix or Remote Desktop Protocol (RDP) based access or other service specific access solutions.

In our experience, most common areas of weakness in these exercises relate to network segregation, authentication vulnerabilities, authorization weaknesses, defensive measures and lack of logging and monitoring controls.

Why you need Remote Access Assessment?

  • Application breakout tests provided by VDI's such as Citrix, RDP jump boxes in virtualized environments are amongst the common risks. These allow an attacker to abuse a published application to launch other programs.
  • Remote access solutions are responsible for protecting the confidentiality of your data. You need technical assurance against this aspect, whether it is adhering to PCI DSS 8.3, 8.5.6 and 12.3 requirements or part of your proactive approach.

Methodology

Reporting

The assessment-execution phase is followed by the analysis & reporting. Defendza performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels. 

The pro-active approach towards security

Cybersecurity is only effective when it is proactive. By identifying weaknesses and vulnerabilities before they are exploited, you ensure the integrity of your network. Frequent security assessments also create a more efficient system, helping to prevent data loss and minimise any downtime that would affect your business and your customers.

Logging

Event logging provides you visibility into the operation of your device and the network into which it is deployed. We review how the logs are configured and stored for all the devices under review

The very purpose of security is to be proactive and make it challenging for a threat actor attempting to compromise your network. This might not be enough and you need to able to detect the actual breaches as they are being attempted. Reviewing logs regularly could help identify malicious attacks on your device or network in general.

A fresh set of eyes

No one doubts the talent and commitment of your in house administrators and developers, or the great work they’re doing. But, by having a third party come in and perform an independent cybersecurity audit and review of your systems, you can ensure that no stone is left unturned. Our team of skilled cybersecurity experts will help to identify any vulnerabilities and weaknesses your team may have missed.

Ingress and egress firewall rules assessment

Checks would be made for the outbound connections to our cloud based droplets. The aim is to identify possibilities for leaking sensitive information from the locked down environment.

Host based protection

Attempts to download simple virus string within the remote desktop environment to assess host-based protection in place. If AV is present, identify the signature status and review the setting applied to this software.

Authentication

Review the authentication mechanism in place for remote desktop users. At times, some services, systems or even servers are configured only to use a weak form of authentication (such as a default or a weak password). This is inherently insecure compared to multi-factor authentication and may lead to security breaches if a user’s password is compromised. 

Shared drive /folder access

Often remote users have similar access to internal users and are provided access to all the internal shared drives and folders. A check will be in place to ensure if this is the case

Internal network access

Attempts would be made to recon internal network from the lockdown session established. This is to assess internal network routing in place as well as the remote user segregation applied to the session.

Environment Breakout

Environment breakout is the ability to break out of an otherwise
controlled environment or a published application. This is often the end-goal for an
Attacker because this can be used as an initial foothold into the environment,
and domain. In fact, given enough time, complete enterprise compromise can
be achieved if the attacker discovers methods to privilege escalation and
propagate throughout the network.

VPN Authentication Review

From the knowledge gained about the VPN solution /hardware in use, we would then focus on the type of authentication implemented. It is important to keep in mind that not every VPN solution will be susceptible to this fingerprinting, and there will not always have exploits available for a threat actor to use. However, it can reveal some basic information about the solution itself, such as the authentication mechanism implemented, which could aid a potential attacker to plan a brute force or key hash (PSK) capture attack. There are several open-source tools and software available which will automate the process of exploiting specific weaknesses in a VPN.

Discovery

In this phase, we profile the target, i.e. a network, a server, or a device. This is a non-intrusive exercise and involves activities like analysing the network, understanding the different assets and services, operating systems, programs in use, and anything related to network layout. This is a fundamental step and helps to prepare for the next stage of finalising targets and finding weaknesses.

Schedule a FREE consultation call
Call Us Now

Why Defendza ?

Thorough Analysis and Reporting

Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.

Custom tools and scripts

Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.

In-house experts

Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.

Key Benefits

Let us handle your security concerns
Call Us Now

Testimonials

"My experience to date with Defendza has been very positive, I look for a flexible, knowledable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

Resources

Manufacturers Can’t Afford the Cyber Risks

09/06/2019

Much of the manufacturing industry has failed to take proactive steps to defend against cyber attacks—which is a notable problem considering the growing threats the industry faces