Vulnerability search and awareness raising
To assess the condition of the security of its infrastructure and identify what needed to be corrected, a medium-size industrial customer called in CNS.
BACKGROUND
Following a request from its CSR, the customer was seeking a security audit of its main industrial site and its head office. It also wished to assess the level of awareness of its employees to the risk of phishing.
APPROACH
CNS proposed a Grey Box approach. This means a minimum of documentation is provided to save time in the discovery phase of IT system components and to focus on the vulnerability of components.
Search for internal vulnerabilities
Scan for vulnerabilities associated with component versions (servers, network equipment, printers, CCTV, etc.)
Inspection of access points available from a user workstation
In-depth analysis of the Active Directory configuration
Review of password strength against a brute force attack using custom dictionary
Review of ISO security of workstations
Review of wireless network security (internal and guest)
Search for external vulnerabilities
Search for vulnerabilities on website
Security analysis of remote work solution and partner access points
Review of wireless network security from outside
Phishing campaign
Assessment of user awareness of cyber-security and social engineering using a global phishing simulation campaign and a more specific one targeting the finance department
Data analysis and conclusions
RESULTS
The customer received several deliverables from CNS::
- a detailed report listing the security vulnerabilities and their consequences
- CNS recommendations in order of priority to resolve the issues
- an estimate of the workload necessary and the related costs
