Professional penetration testing
If we don’t find any cyber security vulnerabilities, you pay nothing.
axxess2Security
Small and medium-sized enterprises (SMEs) are increasingly in the focus of cyber criminals. With the NIS2 Directive, the EU creates uniform standards to strengthen cyber security. Find out how our company can support you in protecting your company from cyber attacks and meeting the requirements of the NIS2 Directive.
Cyber Security
The cyber security situation for small and medium-sized enterprises (SMEs) in Germany has worsened steadily in recent years. According to the current Cyber Security Report of the Federal Office for Information Security (BSI), the number of cyber attacks on SMEs increased by 40% in 2020. Almost every second company (43%) has already been the victim of a cyber attack. The average cost of such an attack is 38,000 euros.
These figures illustrate that cyber security is no longer a marginal issue for SMEs but a central challenge. Increasing digitalisation and networking of business processes open up new opportunities, but they also enlarge the attack surface for cyber criminals. Moreover, SMEs often lack the resources and know-how to protect their IT infrastructures effectively.
Therefore, it is more important than ever for companies to invest in effective cyber security solutions.
NIS2
The NIS2 Directive is a significant initiative of the European Union aimed at strengthening the cyber security and resilience of network and information systems across the EU. It was introduced to address the challenges of a constantly changing digital landscape and to create a common basis for the security of network and information systems in all EU member states. Member states are required to transpose it into national law by October 2024.
The NIS2 Directive affects a wide range of sectors and companies. It requires affected companies to take adequate and proportionate technical and organisational measures to minimise the risks to the security of their network and information systems. They must also make provisions to prevent disruptions from cyber security incidents and ensure the continuity of service.
In addition, they are required to report serious cyber security incidents to the relevant national authority. High fines can be imposed for breaches of the regulations.
Our company offers specialised services to help companies meet the requirements of the NIS2 Directive.
Our Services
Overall, our company offers a comprehensive solution for your IT security needs. Our aim is to help you strengthen your cyber security, protect your company from cyber attacks, meet compliance requirements such as NIS2, and build an information security management system (ISMS) tailored to your needs, e.g. aligned with ISO/IEC 27001 or BSI IT-Grundschutz (IT baseline protection).
Penetration Test – Scope of Services
LAN/WLAN/Server: Network Segmentation
- Examination of network separation for purpose and functionality
- Alignment of perimeters with user permissions
- Evaluation of guest access security
- Assessment of authentication methods
- Firewall and authentication concept
Firewall Configuration
- Review of firewall configuration and rule sets
- Consulting on effective use of available (NGFW) features
- Use of additional authentication within networks (Zero Trust)
WLAN Configuration
- Review of encryption and login methods used
- Evaluation of individual user separation (Client Isolation)
- Secure use of unencrypted hotspots (e.g., during business trips)
VPN Access
- Review of encryption and authentication methods (IPsec, SSL-VPN)
- Testing the robustness of certificate validation
- Protection of basic protocols against man-in-the-middle and spoofing attacks
- Protection of LAN protocols (ARP, ICMP, DHCP) from internal attacks
Authentication
- Review of authentication types used (password, smartcard, 2-factor, etc.)
- Addressing Pass-the-Hash and Pass-the-Ticket vulnerabilities
- Identification of plaintext authentication and other insecure methods
- Windows protocol analysis (NTLM, Kerberos, SMB1, SMB2)
IPv6
- Examination of address assignment via DHCPv6 and autoconfiguration
- Securing IPv6 management messages (Router Advertisements, Neighbor Discovery) against manipulation
- Data leak prevention by disabling Teredo and other tunneling protocols
Routing Protocols
- Security review of protocols and configurations used
- Evaluation of application protocols in use
- Documentation and testing of protocols used
- Activation and review of SSL/TLS configuration
Email Encryption
- Review of S/MIME and PGP configuration
- Ensuring availability and user-friendliness
Windows Domain Configuration
- Review of group policies
- Auditing password security
Device Management
- Analysis of device, software, and update deployment processes
- Review of BYOD and MDM concepts
Backup Strategy
- Review of backup strategy for reliability during attacks (e.g., ransomware)
- Ensuring functionality in emergency situations
Organizational Measures
- Consulting on security policies and IT usage guidelines
- Evaluation and implementation of awareness and training measures
IP Telephony
- Review of encryption and login methods used (SIP, RTP)
Automated and Manual Vulnerability Scans
- Comprehensive vulnerability assessment of your networks by our experts
- Analysis of log files for attack attempts
Physical Protection Mechanisms
Helmut Wallrafen
Managing Director, Sozial-Holding of the City of Mönchengladbach GmbH
IT outages show how crucial reliable systems are. In a critical situation, axxessio immediately supported us with expertise in cybersecurity and IT architecture. Thanks to their quick assistance, our system was up and running again. For us, axxessio is more than a service provider – a true partner.