Security Testing of Corporate Network

PROJECT OVERVIEW

The company developed a corporate network to store user and corporate data and to serve as a communication channel for employees. The company turned to A1QA to ensure the security of the product. The main goals were to secure corporate data and protect internal infrastructure from unauthorized access.

During the project, testing was divided into two parts: passive scanning was performed during business hours, while active testing was carried out outside working hours.

DoS attacks were run only during limited, pre-agreed hours. Remote access to the network was provided via a VPN connection.

The QA team was scaled up to accelerate testing, and scripts were developed to automate manual checks and increase test efficiency.

At the end of the testing period, the specialists produced detailed defect reports and drew up security recommendations.

The project was completed successfully and the client was willing to continue the cooperation.

SERVICES OFFERED
  • Security Testing

TECHNOLOGIES & TOOLS
  • Unix
  • Red Hat Linux
  • Debian
  • Windows Server 2012
  • SQL Server
  • PostgreSQL
  • LDAP
  • SharePoint
  • DNS
  • Snort
  • MySQL
  • Cisco
  • Nmap Project
  • Nessus Vulnerability Scanner
  • Kali Linux
  • Kaspersky Lab
  • Metasploit
  • RSA Security Analytics
  • PortSwigger Web Security
  • Rapid7 Nexpose
  • XSpider
  • OWASP

CHALLENGES AND SOLUTIONS

Incorrectly configured system:

  • The team analyzed the configuration of network devices.
  • Specialists checked compliance with manufacturer recommendations.
  • A1QA met industry and international standards.

The production environment was unavailable during business hours:

  • Configuration files were analyzed.
  • Active network scanning was performed outside working hours.

Unidentified system vulnerabilities:

  • The team ran penetration testing.

RESULTS IN NUMBERS

  • 11 person-months in project efforts
  • 2000 pages of written documentation
  • 4500 configuration tests performed
  • 4 QA engineers on the project