Security audit

The challenge

A client from the logistics industry in Poznań contacted us when they noticed unexpected downtime in their invoicing system. The IT team couldn't locate the source of the problem, and for 3 weeks the company lost access to 47 important sales documents.

The problem was a lack of control over user permissions within the local network. Too broad access to databases created a risk of a leak, evidenced by unauthorized login attempts recorded in the system logs at night.

Our approach

Our team, which included 3 specialists, started by fully scanning network nodes after working hours to not disturb warehouse operations. We used proprietary scripts to map permissions of each of the 12 workstations in the office.

For the first 4 days, we analyzed data flow between the server and endpoints. Then, over the next 5 days, we conducted an attack simulation to check whether our security would actually stop a leak attempt in real-time.

The solution

We implemented two-factor access verification and limited permissions for accounts with access to HR data. We automated the login process, which eliminated 12 weak points the management didn't even know existed.

Finally, we delivered a report in PDF format that contained 14 specific recommendations. The client also received a list of 7 steps to perform independently by their internal administrator, which significantly lowered the costs of long-term support.

Results

After 14 days of auditing and implementing fixes, incidents with unauthorized logins stopped completely. Invoice processing speed increased, and the finance department regained full control over document flow.

Timeline

1. September 2024
   First meeting and server log analysis
2. October 2024
   Infrastructure audit conduct in Poznań
3. November 2024
   Implementation of fixes and personnel training