Connect and Go: The usd OrangeBox Makes Preparing for Remote Pentests Easy

12. April 2024

A penetration test or pentest provides answers to the question of whether attackers can penetrate your IT infrastructure. There are two ways in which our security analysts can carry out a pentest of your systems and applications: on site or remotely.

Remote access is particularly suitable if the IP addresses to be tested are accessible from the internet, which is the case for websites or online stores, for example. Systems and applications that are not accessible from the Internet have traditionally been tested directly on your premises. However, the presence of our analysts on site is often neither necessary nor the most efficient and practical solution for carrying out a pentest. A remote pentest, for example with the usd OrangeBox, can cover the same attack scenarios and the same scope of testing as an on-site pentest.

Preparation for remote pentests

We have been offering you the option of setting up a secure connection between the usd HeroLab's high-security network and your network to be tested via site-to-site VPN for years. However, setting up site-to-site VPN connections requires appropriate specialist personnel and time expenditure on your part.

The experts at usd HeroLabs have developed the usd OrangeBox to make setting up a secure connection easier and more resource-efficient for you.

The usd OrangeBox is a wonderful addition to existing remote pentesting procedures. It enables the simple and easy establishment of secure site-to-site connections for pentesting with usd.

Markus Ritter, Managing Security Consultant, usd HeroLab

Secure connection via the usd OrangeBox

The usd OrangeBox enables remote pentesting of systems and applications in internal networks with a high level of security and efficiency. It is based on highly reliable and open technologies and works on a VPN basis. The encryption methods used comply with the recommendations of the German Federal Office for Information Security (BSI). Dedicated firewalls and strict authorizations ensure that only those security analysts who are actively involved in carrying out your pentest have access to the connected networks. In this way, the OrangeBox automatically enables a secure connection between your network and the usd HeroLab's high-security network.

Setting up the usd OrangeBox

usd OrangeBox as Hardware makes preparing for remote pentests easier
usd OrangeBox - Hardware

You will receive the usd OrangeBox from us electronically as a virtual machine or by post as hardware. Connect the OrangeBox to the network to be tested and make sure that it can establish an HTTPS connection (directly or via Internet proxy) to our network. Further access to the Internet or accessibility from the Internet is not required. If this condition is met and the usd OrangeBox has access to the systems to be tested, it automatically establishes an encrypted VPN connection to the usd HeroLab's high-security network. The usd OrangeBox can be placed in any network and can be adapted to your individual requirements at any time - be it the consideration of several locations or the connection to several networks. The VPN connection is terminated as soon as you remove the box from your network or shut down the virtual machine.

Also interesting:

DORA Countdown: One Month Left Until the Deadline

DORA Countdown: One Month Left Until the Deadline

DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

Top 3 Vulnerabilities in SSO Pentests

Top 3 Vulnerabilities in SSO Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories