Use Our Offense to Inform Your Defense
Remote access security assessments help an organization gain a clear understanding of the risks facing their information assets when trusted insiders (or their compromised accounts) connect from devices and locations outside of the traditional network perimeter, as well as the public exposure created by deploying remote access technologies offering connectivity to the internal network. These technologies include legacy dial-in access systems, as well as IPSec and SSL VPN solutions.
Whether a high-level overview or a thorough, in-depth review is desired, DISD works with your staff to produce prioritized findings, recommendations, and remediation or mitigation steps to fit your organization's profile.
DISD performs remote access security assessments according to a well-developed and refined methodology, in order to provide thorough, accurate, and reproducible results. Remote dial-in access security tests begin with footprinting externally-accessible phones and systems. DISD works with your staff to identify a target range of numbers and exchanges that can be used to connect to the organization’s network via public phone (PSTN) lines. Consultants then connect to all lines in the target range, and classify each as either voice, fax, or a data carrier (modem) system. Automated software is utilized to efficiently gather information about modem systems including hardware platform and operating system. DISD then attempts to gain remote access to systems and internal networks connected via modems using common or weak authentication credentials, in order to test legacy network defenses and classify the level of risk to your organization posed by these connections.
Activities involved in a remote dial-in access penetration test include, but are not limited to:
- Target line identification
- Automated, parallelized line dialing and classification
- Data carrier enumeration
- System banner grabbing and fingerprinting
- Password guessing
- (optional) Authenticated system compromise and escalation
DISD works with our customers to identify the goals of security assessments prior to testing, and is available to assist in remediation efforts upon request.