An infrastructure and construction company, focused on the development and management of national strategic projects, was undergoing IT system modernization. As part of this initiative, the company managed its data center infrastructure to support critical business applications, including asset monitoring and project control systems.
Technological advancements prompted the company to adopt various digital services for field operations and project management. The data center served as the system backbone, running services ranging from asset management portals to toll gate systems controlling field equipment. As the volume of data and connectivity with third-party systems increased, so did the risk of cyberattacks, particularly concerning data confidentiality and network access security.
The data center stored hundreds of gigabytes of project data, including contract documents, financial reports, and field monitoring results, all requiring strict confidentiality.
The integration with vendors and partners (such as cloud service providers and toll gate systems) added complexity to access control.
The company was obligated to comply with IT security standards and ensure service availability o f≥ 99,9% without interruption due to security incidents.
LOGIQUE performed a comprehensive penetration test over one week, utilizing a combination of onsite and remote testing, delivered by a CEH Master certified pentester. Two strategies were combined for maximum coverage:
Conducted without internal system information, simulating a real external attack
Provided with limited credential access to simulate insider threats and enable in-depth testing
The use of 3DES cipher on the VPN was exposed, potentially allowing partial decryption of traffic after ~32 GB of data was recorded.
The SSH protocol was found vulnerable to downgrade negotiation, potentially weakening the encryption algorithm undetected.
The default community string allowed network configuration enumeration and potential unauthorized changes.
Reconfigure SSL/TLS and VPN to only support AES-GCM/ChaCha20-Poly1305.
Upgrade to OpenSSH ≥ 9.6; disable CBC modes; implement ecdh-sha2 key-exchange.
Replace the default community string with a unique value; migrate to SNMPv3 with authentication and encryption; restrict access via ACL.
With the recommended remediation actions, the company was able to strengthen the confidentiality, integrity, and availability of its data center infrastructure, while simultaneously meeting both internal and external security audit requirements.
Please visit LOGIQUE's Penetration Testing Services page for further information.
LOGIQUE offers world-class penetration testing services conducted by certified professionals (OSCP, CEH, etc.)—all performed in-house to ensure full confidentiality and top-quality results.
We provide clear, actionable reports, fast delivery, and tailored support. That’s why financial institutions, corporations, and government offices trust us.
Feel free to request a sample report or a tailored proposal. No obligations.
LOGIQUE 
