
Network Pentesting for an MSP to Prevent Man-in-the-Middle and DoS Attacks
About Our Customer
The Customer is a managed services provider (MSP) with over a decade of experience in IT support, network security, and disaster recovery.
Reliable IT Security Vendor Needed for Independent Pentesting
Having hands-on experience in cybersecurity, the Customer knows the value of independent audits in ensuring the security of IT assets and sensitive data. The company was looking for an experienced vendor to evaluate the cyber protection of its external and internal networks. Trusting our 20+ years in cybersecurity, the Customer turned to ScienceSoft for an unbiased security evaluation.
Black and Gray Box Pentesting Revealed Low Security Level
ScienceSoft examined the perimeter of the Customer's network using the black box approach: our experts simulated the actions of an attacker who had no prior knowledge about the target. As a result, they detected two medium-severity vulnerabilities across the 12 publicly accessible IP addresses. A hacker could exploit these vulnerabilities in a man-in-the-middle attack to capture sensitive data exchanged between the client and the server.
The next stage was gray box pentesting of the Customer's intranet (44 IP addresses) under low-privilege user credentials. The pentesting revealed one high-severity, one medium-severity, and three low-severity issues, including broken access control to SMB shares and outdated software. The vulnerabilities could allow an intruder to obtain sensitive information, modify data, or cause a denial of service.
To fix the security issues revealed during the tests, our experts recommended the following remediation actions:
- Removing admin credentials, private keys for certificates, information about customers, and other sensitive information from the SMB shared resources.
- Implementing role-based access control to prevent low-privilege users from accessing the backup and storage shares.
- Updating obsolete and vulnerable software components to their latest versions to eliminate over 20 known vulnerabilities found across four hosts.
- Replacing the deprecated and vulnerable TLS 1.0 and lower protocols with TLS 1.2 or TLS 1.3.
- Blocking access from the internet to the services that use unsecured ports and configuring access to the local resources via VPN, proxy, or jump host.
During the project, ScienceSoft performed network pentesting following the OWASP Web Security Testing Guide and NIST 800-115, and assessed and classified the vulnerabilities according to the OWASP Top 10 and NIST CVSS.
Network of 56 IPs Tested and Fortified in Just 10 Days
ScienceSoft completed black and gray box pentesting of the Customer's public and private networks in less than two weeks. Our remediation recommendations helped the company ensure a high security level for its networks, which was confirmed during a retest round.
Technologies and Tools
Acunetix, cURL, ike-scan, Metasploit, Wireshark, Nessus, Burp Suite, Nmap, DirB, CrackMapExec, smbclient, Telnet, SSLScan, TLSSLed, Python, C, Perl.