{"id":8201,"date":"2024-07-22T13:27:33","date_gmt":"2024-07-22T11:27:33","guid":{"rendered":"https:\/\/smarttecs.com\/cyber-security\/services\/penetration-tests\/it-infrastructure\/"},"modified":"2025-07-02T14:27:37","modified_gmt":"2025-07-02T12:27:37","slug":"it-infrastructure","status":"publish","type":"page","link":"https:\/\/smarttecs.com\/en\/cyber-security\/services\/penetration-tests\/it-infrastructure\/","title":{"rendered":"IT infrastructure"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
You are here:<\/div>
  1. Home<\/span><\/a><\/li>
  2. Page<\/span><\/li><\/ol>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    IT infrastructure<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    IT infrastructure testing<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    IT infrastructure testing refers to the investigation of software systems and IT landscapes at network level from the perspective of a malicious actor.<\/p>\n

    The simulation of malicious activities to identify vulnerabilities is carried out via the public Internet or from a company’s internal network and includes, for example, the investigation of network components (e.g. servers, routers or firewalls), network protocols and network services (e.g. Active Directory, SSH, SNMP, IMAP) or remote maintenance and network access (e.g. VPN access) as well as protective measures at network level (e.g. network segmentation). <\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Why penetration testing?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Due to the ongoing digitalization of business processes in particular, more and more business-critical areas are accessible via the public internet. Adequate protection against malicious attackers is therefore important in order to avoid potential technical and financial damage (e.g. due to data loss, restriction of availability). <\/p>\n

    With the help of IT infrastructure testing<\/em>, vulnerabilities within a network can be identified by simulating malicious activities in order to determine existing security risks for applications and their users. By recommending specific measures to eliminate identified vulnerabilities, the software quality in the area of IT security can be increased and adequate protection against successful attacks can be guaranteed. <\/p>\n

    In general, security tests can be used to check the following protection goals [1] according to the German Federal Office for Information Security (BSI):<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t
    \t\t\t
    \n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tConfidentiality\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \u201cConfidentiality is the protection against unauthorized disclosure of information. Confidential data and information may only be accessible to authorized persons in the permitted manner.\u201d <\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tIntegrity\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \u201cIntegrity means ensuring the correctness (integrity) of data and the correct functioning of systems.\u201d<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAvailability\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    The availability of services, functions of an IT system, IT applications or IT networks or even information is ensured if these can always be used by users as intended.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Goal<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    The aim of the test activities generally consists of the following three points:<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t
    \t\t\t
    \n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tIdentification of existing weak points\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    and misconfigurations within the application system or the IT landscape.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tRecommendation of suitable measures\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    to eliminate vulnerabilities in order to increase the resistance of the IT infrastructure to potential internal and external attackers.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tDetermination of the safety level\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    of the IT infrastructure at the time of test execution based on the test results.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    General test methodology<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Our test methodology in IT infrastructure testing<\/em> is based on the implementation concept for penetration tests<\/a> and the IT baseline protection compendium<\/a> of the BSI and the procedure of the Penetration Execution Standard (PTES)<\/a>. The specific test activities are adapted according to the agreed customer objective and the technical conditions. <\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Next Steps<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Once the study has been completed, there are various starting points for effectively continuing the previous analysis. A selection of sensible options can be put together individually during the consultation depending on the customer’s objective, wishes and results.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t
    \t\t\t
    \n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tFurther test activities at network level\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    If previous penetration tests were not able to sufficiently examine all areas of the network, it is possible to extend them to other network areas.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWeb application and web service penetration testing\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    The previous test activities can be focused on individual application systems within the network in order to carry out a more application-specific analysis of the security risk.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tSecurity consulting\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    General or application-specific topics in the area of IT security, best practices or know-how for raising awareness or for solution approaches can be communicated on the basis of knowledge gained and identified vulnerabilities.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tSystemhardening\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    Test coverage can be increased by specifically checking application systems that are accessible in the network at configuration level.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Sources<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    [1] Federal Office for Information Security,\u00a0IT-Grundschutz-Kompendium<\/a>\u00a0(Edition 2023)<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Sie befinden sich hier: Start Seite IT infrastructure IT infrastructure testing IT infrastructure testing refers to the investigation of software systems and IT landscapes at network level from the perspective of a malicious actor. The simulation of malicious activities to identify vulnerabilities is carried out via the public Internet or from a company’s internal network…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":8189,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-microsite.php","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-8201","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/comments?post=8201"}],"version-history":[{"count":5,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8201\/revisions"}],"predecessor-version":[{"id":10860,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8201\/revisions\/10860"}],"up":[{"embeddable":true,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8189"}],"wp:attachment":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/media?parent=8201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}