Perimeter Security Assessments and Penetration Tests

Host Security

When assessing Host Security, we look for known vulnerabilities, missing patches and outdated services. It's surprisingly common to find that a host is fully updated and secured, yet a web plugin has been left at an old version with a known vulnerability available to an attacker. Assessing a host or group of hosts is generally a relatively simple exercise. Remediating any issues found can either be taken on by your team, or the hosts can be secured in a cooperative effort.

Firewall Services

In a Firewall assessment, we look at your firewall configuration. We start by looking for any known insecure services that are exposed to untrusted sources, as well as any legacy services - rules that are configured on the firewall but do not have a corresponding host or service on the network. Equally important, we'll assess your firewall configuration against recommended or best-practice settings. In most cases we can use vendor-agnostic recommendations, such as those posted by the Center for Internet Security, in conjunction with years of experience and input from your business requirements and processes.

Application Services

While not a full Web Application Assessment, a basic application assessment will generally be part of any perimeter assessment. A basic application assessment will look at the server configuration, exposed services, configuration of HTTPS and certificates, and in particular older installed web applets, plugins, libraries or APIs that are running an out-of-date version or are otherwise known to be vulnerable to attacks or exploits.

Inside / Outside Assessments

In an engagement of this type, we simultaneously assess the target hosts from both the public internet and from the inside network, usually with credentials. While a real attacker only has access to your internet-facing perimeter, they also have infinite time to attack. An Inside / Outside assessment gets the most assessment work done for the least amount of time and budget.

Penetration Testing

In an external Penetration Test, we use all intelligence available to break into or compromise the various perimeter services. Normally the goal is to gain an internal or privileged position on the host(s) or network, but the end goal of a penetration test will often vary from engagement to engagement. The goal is normally to use assessment and attack techniques to compromise one or more security controls. Full Penetration Tests are not normally recommended as a first step in any security program.