SecureTeam’s STORM (Security Testing On Remote Module) appliances have been designed to allow our consultancy team to perform the majority of our onsite penetration testing and security assessment services remotely.
Based on a high-powered Intel NUC desktop computer, our STORM Node appliances combine a powerful set of automated and manual penetration testing tools with fast and efficient processing power, allowing SecureTeam consultants to perform remote penetration tests effectively and securely.
Our custom-developed STORM appliances are security-hardened and have been designed to give our consultancy team secure remote access to your organisation’s network or applications. The security of your data is of paramount importance to us; therefore, we have custom-developed our STORM range of remote testing devices to safeguard your data and organisation at every stage of the process.
During the development phase of our STORM appliances, we concentrated on the following areas that relate to the security of your information:
Security-Hardened Device Build
Our STORM appliances are based around a secure Linux operating system, which has been security-hardened in line with leading industry security standards. These standards include the relevant CIS (Center for Internet Security) hardening guides, the Payment Card Industry Data Security Standard (PCI-DSS) and the UK government Cyber Essentials scheme. We have also applied our own experience as penetration testers to mitigate the latest security threats and vulnerabilities that are being exploited by attackers “in the wild”.
Encrypted Storage
All data on our STORM appliances is protected by full-disk encryption, using a strong AES-XTS cipher with a 512-bit cipher key. If an attacker were able to obtain physical access to a drive on a STORM appliance, it would theoretically take them several hundred years to obtain access to the data stored within it.
In addition to using a robust method of encryption, we have integrated a USB-based hardware key into the decryption process, which must be inserted into the STORM appliance before it can be booted. Once the device is booted, the USB key can be removed, so that your data remains encrypted if the device were to be stolen from your offices.
Our returns process requires that the USB decryption key is sent back to SecureTeam separately from the STORM appliance. This means that if the device were to be stolen on its return to us, the drive (and more importantly your data) remains encrypted, as it is unlikely that the thief would have access to both the STORM appliance and the decryption key.
Secure Remote Network Access
Once deployed on a customer network, our STORM appliances use an encrypted Virtual Private Network (VPN) connection between the device and our secure UK datacentre.
All network traffic is encapsulated in a TLS (version 1.3) network tunnel and is encrypted using an AES-GCM cipher which uses a 256-bit rotating cipher key. Authentication to our VPN gateway is implemented using certificate-based authentication, which means an attacker would not be able to gain access to the VPN through a set of stolen credentials.
Using a secure, end-to-end method of encryption means that the network traffic is not susceptible to interception or modification by a malicious user through a “man-in-the-middle” attack.
We enforce strict firewall rules at both device and gateway-level to ensure complete network segregation between our STORM appliances. This level of network segregation makes it impossible for network traffic to be routed between two (or more) adjacent customer networks that each have a STORM appliance installed.
Logging & Monitoring
All activity on our STORM appliances is logged to SecureTeam’s central Security Information & Event Management (SIEM) solution. This provides us with a robust audit trail of all actions and events that have taken place on a STORM appliance when it is connected to a network.
In addition to this, all network traffic that is sent between SecureTeam and our STORM appliances is protected by our Intrusion Prevention System (IPS). This is designed to actively identify and block potential attacks and threats, which may impact the operational security of our STORM appliances.
Security Updates & Patching
In order to stay protected against the latest security vulnerabilities and threats, all STORM appliances have the latest patches and security updates applied before they are deployed to a customer site. We also have the ability to push patches and updates out to the devices once they are deployed in the field.
Robust Provisioning Process
SecureTeam follows a stringent provisioning process to ensure that every STORM appliance is deployed to our customer sites in a consistent and secure manner.
When a device is returned to us, all storage media is securely wiped using a UK government-approved disk wiping process, before being re-imaged from a standard “gold” image. This ensures that previous customer data cannot be recovered from our devices if they were to be stolen from a future customer site.
All device passwords and encryption keys are securely destroyed and regenerated on a per-project basis before being shipped to a customer site. This ensures that even if device passwords or encryption keys were stolen from a device while on a previous customer site, they would no longer be valid when the device is sent to the next customer.
Factory Acceptance Testing
All STORM appliances undergo a thorough Factory Acceptance Test (FAT) before being deployed to a customer site. This ensures that all security measures have been correctly applied and that the device is fully operational when it is deployed.
A vulnerability assessment is conducted on all STORM appliances before they are deployed to a customer environment and this forms part of our FAT process. This ensures that if any security vulnerabilities remain after our build process, they can be identified and corrected before our devices are connected to customer networks.
Qualified & Vetted Consultants
STORM appliances can only be accessed by our qualified and security-vetted consultants. All of our security consultants undergo strict pre-employment background checks before being granted access to our infrastructure. In addition to this, the majority of our staff carry UK government security clearance, which allows us to work in public sector environments that handle highly sensitive information.
Lastly, all of our penetration testers are either CREST (Council of Registered Ethical Security Testers) or TigerScheme accredited and undergo regular examinations to ensure they remain qualified to conduct the services that we offer to our customers.
Trusted Toolset
Our STORM appliances contain a specific security toolset, which comprises a blend of commercially available and industry-recognised applications and scripts. We perform strict quality assurance testing internally to ensure that all applications are fit for purpose and will not cause any undesired impact when used in a customer environment.
Continuous Development
SecureTeam is continuously developing our STORM appliances to ensure they remain security-hardened against the latest vulnerabilities and threats. Our internal development lifecycle means that our STORM appliances are regularly updated, allowing us to deliver our onsite consultancy services with a high level of security and functionality as we develop new security testing services for our customers.