How to perform an internal penetration test in the Covid-19 era

About Project

As we all know, Covid-19 has changed our personal and professional lives. In the penetration testing profession, the most obvious obstacle during the pandemic is internal penetration testing. This type of assessment (as the name suggests) requires on-site presence at the client’s premises in order to connect to their internal network and perform the tests. So how did we manage to perform the work and keep everyone safe?

Problems to be Addressed

01 Remote - No physical presence at the customer's headquarters
02 Compatible - Layer 2 implementation so we can perform all our tests seamlessly
03 Secure - Zero compromise on security
04 Scalable - Multiple users from different locations

Solution

The solution was found in the use of (you guessed it) technology! We used a MikroTik router which connects back to our offices via an EoIP over SSTP tunnel, giving any member of the team access to the client’s network (full technical details are in the publication roadwarrior). And this actually worked pretty seamlessly! It also gave us the advantage of being able to perform scanning overnight (if the client was okay with that), as well as a bigger timeframe to work on the project because we did not have the commuting etc.

[Figure: Diagram Overview]

Results

We have tested the solution for a large global company as well as for smaller local ones. The clients were happy because they had their deadlines, and they really wanted the internal pentest to go ahead amid the pandemic. From our side it was also a very good experience, and it showed us that an internal pentest can be done remotely. This was a solution we were thinking about even before Covid, but when the convenience became a necessity, we made it a reality.

Limitations

The only limitation with this project was the reluctance of some clients (especially in the banking sector). In those cases we of course respected the client’s decision, and we performed the penetration test at a later stage (after lockdowns were lifted).

Next level IT infrastructure
& Security services.

© 2023, QSecure

Head Office

109 Prodromou Str. (Office 101),
2064, Strovolos Nicosia, Cyprus

Contact Info

info@qsecure.com.cy
Ph: (+357) 22 028014
