A large city wanted to test its overall security protections from external threat actors. The focus of the test would be internet facing internal systems that are maintained and managed by the city and provide critical city services to both internal stakeholders and residents.
Baker Tilly assisted the city in performing an external penetration test to identify weaknesses in city-maintained and managed infrastructure that could enable an attacker to gain access to internal systems and disrupt city operations. During our testing, Baker Tilly identified various weaknesses in the city's secure network transmissions that could enable an attacker to perform a man-in-the-middle attack or hijack a user's session that could result in unauthorized access to sensitive information or even access to internal systems that could then be used to launch a broader attack.
The results of Baker Tilly's testing allowed the city to quickly remediate the identified weak network transmission protocols and mitigate the risk of an outside threat actor from gaining access to confidential information or internal systems.