Public insurers

An insurer handles sensitive information. To protect this data, the security of the internal IT infrastructure was assessed with a penetration test. Furthermore, specific servers have been hardened to provide additional security against attacks.

The corporate network was examined locally. The penetration test was performed without any credentials, to achieve a realistic security evaluation of the network. Subsequently, system hardening was performed for critical servers.

It was possible to show the customer how a number of vulnerabilities could be combined to escalate the access without any credentials to full access as the domains administrator. To impede such attacks, critical systems were hardened appropriately.