IT Infrastructure Security: Effective Protection for IT Systems & Networks

Detection of vulnerabilities and security risks by means of penetration tests & optimization of the security of your IT infrastructure

Theft, espionage, sabotage, blackmail and system failures – these are the most common targets which hackers pursue when they attack companies. The gateway which they often use are systems and IT infrastructure components which are inadequately secured or contain vulnerabilities.

We support you in increasing the security of your IT infrastructure and providing optimum protection for your IT against cyber attacks. Within the framework of penetration tests against your IT infrastructure, we uncover existing vulnerabilities at network and system levels and providing you with recommendations on how to mitigate them.

Your benefits at a glance

  • Objective analysis & evaluation of established security measures in the field of system & network security
  • Identification of specific vulnerabilities at system & network levels, including recommendations for action for their remediation
  • Testing based on recognized standards & best practices (e.g. NIST, OSSTMM & BSI)
  • Increase in the level of efficiency as well as the overall security level through individually derived recommendations for action
  • Robust risk assessment of your network security through the identification of the actual risks
  • Proactive prevention of financial & reputational losses due to security incidents

Our Services

Depending on what you want to check by means of a pen test, you can choose between different modules or test activities. Possible targets for attacks are various systems and IT infrastructure components, e.g. web & email servers, VPN gateways, domain controllers or file & database servers. Furthermore, we also check your firewall, switches, WLAN access points, virtualizations and complete network areas/infrastructures for vulnerabilities.

Port & Vulnerability Scans

Port & Vulnerability Scans

The aim of the vulnerability scans is the detection of generally known current vulnerabilities on the systems and components.

Identification of Services  

A port scan is carried out in order to identify which services are available on a system. Moreover, the method can be used to determine which versions of the services (software) are being used. To this end, relevant active scanning techniques are applied. The aim is to identify insecure services (e.g., clear text services/protocols or outdated versions) as well as unknown services or those which are not absolutely essential for operation (lack of hardening). In addition, the results can be used for more advanced (manual) attacks.

Manual Penetration Tests

In addition to the automated analysis and attack techniques, manually conducted investigations and verifications are always performed. For this purpose, our IT security experts always use the latest attack techniques from the hacker and security scene, as well as tools and scripts developed by ourselves.

Host Discovery

Identification of Systems

This testing methodology provides for tool-based (ARP) scans within a network segment (broadcast domain). The aim of the scans is the detection of all systems and components of a network segment – and therefore internally / in your network (host discovery) – in order to identify, for example, unknown or undocumented systems (“shadow IT”). The detection of systems can, however, also be performed against systems / network areas which are accessible from the Internet, e.g. against a certain IP range of your company.


Passive Reading of Network Traffic

In network sniffing, the network traffic within a network segment is passively read. The network traffic is logged and then subjected to an automated vulnerability analysis and manual verification. With the help of this method it is possible, for example, to recognize the use of plain text protocols or outdated protocols and software.

Review of Firewall Rules

Within the scope of this module, the firewall rules are reviewed. The aim is to use the most restrictive firewall rules possible based on secure protocols. The main steps involved in this process are as follows: check of the principle of minimality, detection of conflicting, expired, unnecessary or unused rules, identification of rules that are too broadly formulated (e.g. “any rules”), check of the stored services and protocols (e.g. use of clear text protocols).

Check of WLAN Security

We check your available WLANs for vulnerabilities and carry out further attacks as required, including e.g.:

• Identification of WLAN access points and clients (SSIDs, MAC addresses, encryption algorithms, etc.)

• Inspection of the outer boundaries of your site (fencing) in order to determine the WLANs that are accessible from outside

• Manual tests and active penetration attempts on the air interface depending on the respective security level by means of special tools (DoS attacks, MitM attacks, fake access point attacks, etc.)


Verification of Hardening according to Best Practices / Configuration Analyses

This testing methodology provides for manual configuration analyses of systems and components with the support of the persons in charge. The test essentially involves a security-related analysis and evaluation of the technical measures taken for system hardening and therefore the configurations carried out at the system and application level. The above includes, for example, the following points:

• Determination of the update/patch status (patch management)

• Review of Group Directives according to Microsoft's best practices (Windows systems)

• Review of the installed software and services

• Random check of the file system, e.g. check for plain text passwords in configuration files

• Review of stored groups and users, as well as their authorizations

• Analysis of the network services and firewall settings

• and much more.

The analysis is performed according to the white box approach or from the perspective of an internal attacker who has already gained access to a system. This testing methodology can often be combined with interviews of the corresponding individuals/administrators.

Review of Security Policies/Concepts, Network Architecture, etc.

This testing methodology provides for a review of your documentation. Operating and system documents that describe the behavior and properties of the systems and components are reviewed as part of the investigation. This includes, for example, documentation of the architecture, use and administration, installation, configuration and maintenance instructions, backup and security concepts. The aim is, among other things, to check the plausibility, comprehensibility and up-to-dateness of the documents and to make suggestions for improvement.

What the final report contains

All results of an analysis are made available to the client in the form of a detailed final report.

The final report is always created individually and in an easily understandable form by our experts (no automatic generation) and contains at least the following information:

  • Introduction: A brief description of the test object and the aim of the pentest.
  • Management/Executive summary: A summary of the results.
  • Risk assessment: Assignment of a degree of risk to each vulnerability (Informative, Low, Medium, High or Critical Risk), with which the criticality of the respective vulnerability is described.
  • Clear representation: Clear representation of all identified vulnerabilities in a table.
  • Detailed description of vulnerabilities & Proof-of-Concept: For each vulnerability there is an individual description that reflects precisely how the vulnerability was found and how it can be exploited by an attacker (proof-of-concept).
  • Evaluation of automated tests: The results of the automated tests are evaluated by the TÜVIT experts, checked for false/positive results and then summarized in the report.
  • Recommend measures to remedy the vulnerability: For each vulnerability, there is a recommended measure to eliminate the vulnerability.
  • References: If available, we provide references to vulnerability databases (e.g., CVE).
  • Technical Appendices: If available, further information and files on the tests performed are provided as an Appendix, e.g. the raw results of the port and vulnerability scans.

Procedure of the pentest

Discussion of specific technical & organizational features and the prerequisites.

Examination of the security measures implemented with respect to their effectiveness & completeness.

Compilation of the results in a final report. With a final presentation as an option.

Check whether the implemented improvement & defense measures are working (effectively). 

Frequently asked questions (FAQ):

What is the aim of a penetration test?

The aim of penetration tests is to identify generally known and current vulnerabilities as well as insecure and/or unknown services and systems and those which are not absolutely essential for operation. Furthermore, our analyses can reveal vulnerabilities and faulty configurations in your network infrastructure/architecture.

What is the result of a penetration test?

The result we provide you with is a detailed report in which specific comprehensible risks are highlighted and suggestions are made for appropriate measures to correct identified vulnerabilities.

What are the possible targets for attack of penetration tests?

The tests can be performed from outside, i.e. against systems which are accessible from the Internet, or internally, i.e. directly from the respective network segment (e.g. your office network or a DMZ).

The target of attack can therefore be various systems and IT infrastructure components, e.g. web and email servers, VPN gateways, domain controllers or file and database servers.

We also check your firewall, switches, WLAN access points, virtualizations and complete network areas/infrastructures for vulnerabilities.

What methodology does TÜVIT use?

In addition to the automated analysis and attack techniques, we always perform manual investigations and verifications as well. To this end, our IT security experts always apply the latest attack techniques/tools from the hacker and security scene, as well as tools and scripts developed by ourselves.

Furthermore, the procedure adopted by the TÜVIT experts is based on recognized standards and best practices, such as those of the Federal Office for Information Security.

Why we are a strong partner for you


With us you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS revision and penetration tests.

Industry experience

Due to many years of experience in different branches of industry we can serve companies from a wide range of industries.

Tailor-made for you

We focus on individual services - and solutions - that optimally fit your current company situation and your set goals.

International network of experts

Around the globe: We support you both nationally and internationally. Our global network of experts is ready to help you in word and deed in all IT security issues.


Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.

Further services

Enhanced Security Services

Enhanced Security Services

TÜVIT offers Enhanced Security Services, to keep your IT security level high at all times: from monitoring and retesting up to Red-Teaming.
Read more