Industry: Hospitality
Organisation Size: Multi-site Hotel Environment
Location: Melbourne, Australia
Environment: Hybrid Network Infrastructure
Service Provided: Cybersecurity Assessment and Penetration Testing
The Challenge
The client operated a hotel environment with multiple network segments supporting both internal business operations and guest internet access. Given the sensitive nature of customer data and business operations, the organisation required assurance that its network controls could withstand real-world attack scenarios.
Key concerns included:
- Potential exposure of external-facing services
- Security gaps across internal corporate systems
- Risks associated with guest Wi-Fi without client isolation
- Weaknesses in Active Directory security controls
- Possible VLAN segmentation bypass between guest and corporate environments
The primary goal was to validate whether attackers could move laterally or gain unauthorised access across environments.
Objectives
The engagement focused on:
- Identifying vulnerabilities across external and internal network assets
- Validating external perimeter security
- Testing guest Wi-Fi segmentation controls
- Assessing internal domain security and authentication weaknesses
- Evaluating privilege escalation and lateral movement risks
- Providing actionable remediation recommendations
Scope of Assessment
- External Perimeter Security
- Internal Back-Office Network
- Guest Network Security
- VLAN Segmentation Validation
- Active Directory Security
Our Approach
Redscale followed an industry-aligned penetration testing methodology based on:
- Penetration Testing Execution Standard (PTES)
- OWASP Testing Guide
- NIST SP 800-115
Key Findings
The assessment identified several security risks, including:
- Potential exposure points on the public perimeter
- Weak internal authentication controls
- Opportunities for credential harvesting
- Guest network peer-to-peer visibility risks
- Inconsistent segmentation enforcement
- Active Directory hardening opportunities
Each finding was risk-rated based on exploitability and business impact.
Outcomes
Following the assessment, the client gained:
- Improved visibility into network security weaknesses
- Validation of external perimeter exposure
- Stronger internal access controls
- Better segmentation assurance between guest and corporate networks
- Improved Active Directory security posture
- Reduced risk of lateral movement and unauthorised access
Deliverables
The client received:
- Executive summary report
- Detailed technical findings report
- Risk-prioritised remediation recommendations
- Evidence-based attack path documentation
- Optional remediation validation testing
- Stakeholder debrief session
Business Impact
By addressing the identified security gaps, the client significantly improved its overall cloud security posture and reduced its exposure to preventable cyber risks.
- Stronger protection
- Improved network segmentation assurance
- Reduced external attack surface
- Enhanced internal security controls
- Lower risk of credential compromise
- Greater operational continuity
- Improved compliance readiness
- Increased trust in guest-facing digital services
"Penetration testing highlighted critical areas we needed to address and helped us improve the security of both our business systems and guest-facing services."
IT Manager
