Kiosk, Citrix, VDI, and Remote Desktop Reviews
Deploying a secure restricted environment for users is challenging, and the team at Insomnia Security have the skills required to identify weaknesses that could lead to unauthorised access. Using internally developed methodologies and tools, as well as up to date knowledge of current techniques, the testing team are experienced in reviewing both standard and non-standard deployments across a wide range of technology stacks.
When undertaking a security review of this type, the Insomnia Security team works to identify weaknesses that could lead to the circumvention of authentication controls, or the elevation of privileges from an authenticated low privileged user session. The review includes checking for known vulnerabilities, as well as reviewing the applications deployed within the environment, associated file system permissions, and the permissions of running services.
For deployments used in visitor registration kiosks, information centers, and other public areas; reviews may also include physical access testing. This includes access through touchscreens or tablets, access to power or network cabling, or the ability to connect peripherals such as HIDs or USB devices.
In restricted application environments, the testing team will explore the full functionality of the available applications, in an attempt to reach the underlying filesystem or to execute other applications that may result in further access. In addition to using the applications accessible within the deployed environment, the team will investigate methods of downloading and installing arbitrary applications from remote locations such as via HTTP, FTP, or other protocols.