A company with 500 employees contacted us to check their IT-infrastructure and internal networks for security vulnerabilities. We offered a penetration testing service, which comprised of a security assessment of the website (including DDoS resistance testing), testing of the internal network and updating the company’s security policies check.
Our security experts rented an apartment in a neighbouring building to be within coverage of the Company’s WiFi zone and using social engineering methods managed to acquire a WiFi password from the company’s internal network. As a result of these activities our experts managed to obtain:
- logins/passwords for mail services
- access to internal FTP servers with the Company work projects
- cybersecurity information sheets were printed from unprotected printers
- access to video surveillance systems inside the office
Following the results of our work, the Customer fixed the detected vulnerabilities, conducted training sessions on cybersecurity for its employees and optimized the protection of its infrastructure.
What was installed and configured?
- Computer security policy on the network using Active Directory
- A policy of issuing access to the corporate network and wi-fi
- Restricted access to private development resources on the internal network.
- A policy of secure access and access control to office premises and servers