WHAT IS A REMOTE ACCESS SECURITY ASSESSMENT

A Remote Access Assessment evaluates the security of the systems which your organisation uses to provide your staff members with the remote access they need to conduct their day to day activities when outside of the office.

WHY CONDUCT A REMOTE ACCESS ASSESSMENT?

A remote access solution could take on a number of forms such as a Virtual Private Network (VPN), Citrix Virtual Desktop, Remote Desktop Web Client as well as a number of other solutions and protocols which provide your staff members with remote access to your organisations network and services.

As Remote Access solutions are intended to be remotely accessible, they are also accessible by automated tools and malicious attackers seeking to acquire access to systems, services and sensitive data.

A remote access penetration test aims to ensure the security of these solutions from a number of differing attack vectors and the assessment is often conducted from an unauthenticated and authenticated perspective to review your security from these alternative perspectives.

The unauthenticated assessment can help to ensure that attackers do not gain access to the service. A combination of methods can often be used to generate a likely list of usernames for these remote services. With this list in mind an attacker can target the weakest configured passwords for your users in an attempt to gain access to your services and infrastructure.

In many cases this initial access can be used to then connect further into your organisations network and begin targeting internal resources and services for additional vulnerabilities and attacks.

The authenticated assessment can aid your organisation to minimise any risk or damage which could be achieved if an account is ever compromised. Using targeted methods in an attempt to identify security issues which will allow an attacker to break out of restrictive environments, gain access to additional functionality, gather sensitive data and achieve privilege escalation.

    OUR APPROACH

    As part of our approach, our Penetration Testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities within your remote access solutions. Our extensive reports provide a thorough assessment of each vulnerability and provide business context alongside each finding.

    This is supplemented by technical and non-technical descriptions including evidence of exploitation to assist in prompt remediation activities and provide a thorough understanding of each issue.

    KEY BENEFITS

    A Remote Access Penetration Test and report will allow your business to:

    Receive assurance around the security posture of your remote access solutions.
    Make ongoing improvements to the secure implementation of your remote access solution via specialist support, advice and consultancy.
    Adhere to regulatory bodies who require Remote Access Penetration Testing to be performed.
    Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats

    FAQs

    1. What is the difference between an External Assessment and a Remote Access Assessment?

    An External Security Assessment is designed to evaluate every system and service which you have exposed to the internet and assess the security from an unauthenticated perspective.

    Remote Access Testing is a more targeted evaluation typically conducted from both an unauthenticated and authenticated perspective to determine access methods and privilege escalation methods which an attacker may exploit.

    2. Why do I need a Remote Access Assessment?

    If your organisation utilises a Remote Access solution your chosen solution can come under attack from a number of automated and targeted attacks. To ensure your systems are safeguarded against these threats a Penetration test can help you to identify any issues which may be exploited by malicious attackers.

    3. What Remote Access Solutions can I have tested?

    Precursor Security have experience testing a wide variety of remote access solutions and there are a number of security tests and best practice guidelines which can be applied to any solution which has been implemented.

    Our Penetration Testers can work with you to determine a scope of work and testing methodology which works for you, to ensure a rigorous assessment can provide assurance for your implemented solution.

    4. What will I receive after the test has been completed?

    The deliverable from any Remote Access Test is a complete report, detailing and contextualising each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

    The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.