EXTERNAL PENETRATION TESTING
Identify your external infrastructure vulnerabilities and assess the risks affecting your internet-facing assets. This exercise follows a risk mitigation plan to maintain a minimal attack surface over the internet.
What is an external network penetration test?
An external network penetration test simulates an internet attacker targeting organisational devices, applications and data. This threat actor mimics an internet user with zero prior knowledge and relies on internet-based information about your organisation (Open Source Intelligence).
An external penetration test exercise, a part of infrastructure penetration testing, establishes an organisation's internet footprint. It helps in identifying vulnerabilities in the remote workforce infrastructure, devices such as firewalls, email servers, applications and web servers.
Compared to an internal pen test, it is a quick and short exercise. For instance, a medium to large organisation may expect results within a week to two weeks maximum.
As a customer, it is important for you to know whether you require external penetration testing or vulnerability scanning, and whether you are making an informed choice.
Penetration tests include a full vulnerability scan and justify the investment by following a manual approach to safely exploit the vulnerabilities and mimic real-world threats. A pentester also elaborates on risk impact, likelihood and supporting technical information to ensure the customer's security team is aware of the risk.
A vulnerability scan is a subset of a penetration test that includes analysis of vulnerabilities that may or may not affect the environment. It is a helpful exercise for assets at scale and for continuous checks to know the threat surface (less deep, more wide analysis).
External pen test methodology
01. Initial Scoping & Objectives
As this is black-box external security testing, we only require the target IP addresses or ranges in scope. An authorisation form is sent before the project to seek the customer's permission, allowing us to work in line with the Computer Misuse Act.
With increased awareness about cyber security attacks, these opportunities are few and far between. We mainly attempt exploitation using attack vectors such as network or web application vulnerabilities, misconfigured servers or default credentials.
02. Reconnaissance & Intelligence Gathering
The reconnaissance phase has a single objective: information gathering and analysis to provide relevant information for later stages. Based on project scope, intelligence gathering is mostly infrastructure related (e.g., network layouts, domains, servers, infrastructure details) unless it is a red team pentest where personnel are in scope.
03. Active Scanning & Vulnerability Analysis
Using manual approaches and penetration testing tools, our security experts identify security weaknesses and prepare an attack layout to target vulnerable systems.
05. Data Analysis & Reporting
This includes analysis of the test output, evaluation of the risk impact and attack likelihood before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels.
06. Debrief & Support
Our engagement process includes delivering a free of charge debrief to management and technical teams. This session involves help to prepare a remediation plan and Q&A to ensure that customer contacts are up to date. Cyphere also provide a remediation consultancy where we define and execute the risk mitigation plan.
Vulnerabilities discovered by our External Penetration Testing service
Frequently Asked Questions about External Network Penetration Testing
An external pen test provides results of security threats faced by your internet-facing infrastructure. An example is checking for information security weaknesses, such as exposed databases or sensitive data, which helps to avoid data breaches.
This includes detailed issues along with proof of concepts supporting technical teams. For example, a firewall administrative interface that is running a vulnerable version is exposed to the internet. However, it only needs to be exposed to your IT service provider's IP ranges. This is an excessive exposure and should be reviewed in line with the defence-in-depth approach.
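The excessive-exposure check described above can be run by a customer's own team against an exported inbound rule set. The following is an added example, not Cyphere's tooling; the rule names, management ports and provider ranges are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data: inbound allow rules as exported from a perimeter
# firewall (names, ports and ranges are illustrative, not from the page).
RULES = [
    {"name": "web-https",    "source": "0.0.0.0/0",      "port": 443},
    {"name": "fw-admin-any", "source": "0.0.0.0/0",      "port": 8443},
    {"name": "fw-admin-msp", "source": "203.0.113.0/28", "port": 8443},
    {"name": "ssh-wide",     "source": "203.0.112.0/22", "port": 22},
    {"name": "ssh-v6-any",   "source": "::/0",           "port": 22},
]
MGMT_PORTS = {22, 8443}               # assumed administrative services
PROVIDER_RANGES = ["203.0.113.0/24"]  # assumed IT service provider ranges


def audit_admin_exposure(rules, mgmt_ports, provider_ranges):
    """Return management rules whose source is wider than the provider ranges."""
    allowed = [ipaddress.ip_network(r) for r in provider_ranges]
    findings = []
    for rule in rules:
        if rule["port"] not in mgmt_ports:
            continue  # not an administrative interface
        src = ipaddress.ip_network(rule["source"], strict=False)
        # Acceptable only if the whole source range sits inside one allowed
        # range of the same IP version (subnet_of rejects mixed versions).
        contained = any(
            src.version == net.version and src.subnet_of(net) for net in allowed
        )
        if not contained:
            findings.append({
                "rule": rule["name"],
                "port": rule["port"],
                "source": str(src),
                "internet_wide": src.prefixlen == 0,
            })
    return findings


if __name__ == "__main__":
    for f in audit_admin_exposure(RULES, MGMT_PORTS, PROVIDER_RANGES):
        scope = "entire internet" if f["internet_wide"] else "wider than provider ranges"
        print(f"{f['rule']}: port {f['port']} open to {f['source']} ({scope})")
```

Rules that only partly overlap the provider ranges are reported as well, since any address outside the agreed ranges is exposure the interface does not need.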
An external penetration test is performed on the vulnerabilities that could be exploited by an Internet-based threat actor. An internal network is not supposed to be visible from the outside. No checks are made on the internal assets unless explicitly agreed.
An external pen test starts with port scanning over the Internet, followed by the vulnerability assessment, analysis and exploitation phases. An internal penetration test differs from external pen testing in its methodology and purpose. Due to latency over the internet, the port scan test window is agreed with the client based on several factors such as the hosting provider, the sensitivity of the assets and the business operations sensitivity of the target assets. The port scan output is fed into the vulnerability scanning phase to figure out if the identified vulnerabilities could be exploited. The exploitation phase involves an attempt to gain access to different services, internal and external assets. Any other attack vectors that an attacker could exploit or issues that could lead to data breaches are explored. All output from this execution is fed into the data analysis & reporting phase.
This is a fully remote test. Our external IP addresses are shared with the customer before the test as part of seeking authorisation (Computer Misuse Act), providing sufficient time window to share the originating IPs with relevant devices and teams where needed for monitoring and white-listing purposes.
Cyphere’s external pen test reports are world class deliverables containing raw data to support proof of concept and risk remediation measures.
Risk remediation is sometimes a complex process due to the specialist security skill-set needed for IT teams. As part of our aftercare support, we provide help in preparing remediation plans for all our customers.
Optionally, we provide remediation consultancy to ensure all agreed findings are mitigated in line with best information security practices.