Server and Firewall Security Review of a Wellness Product - Cyber Security Case Study

Scenario

We were contracted by the company for reviewing the firewall and production server to identify possible weaknesses in configuration.

Testing methodology

Manual approach was applied for reviewing the server and firewall because of live environment.

Risk Found

    Client server was found with default configuration. There were no advanced security configuration done as a hardening process. Along with that we were able to do SSH brute force attack and gain server access in unauthorized manner. This could lead to access of all product code, database. If any attacker gains this access, he can completely destroy the Production servers that could lead to potential Brand value loss of 5Cr - that was saved!

Business Risk

--------------------