External Penetration Testing

Manual Network Penetration Testing

Virtually all organizations will have at least one internet connection, often several and they will usually be running services on them such as VPNs, email, webmail, webservers etc. All of these are attractive targets to attackers. It is important to understand that organizations are constantly under attack. 

Though it should be noted that it might not specifically be the organization that is targeted. Many attackers will simply scan the internet to identify vulnerable targets and attack them, rather than specific targeted attacks against an organization (though this still occurs particularly for high profile organizations).

It is vital that organizations understand the level of risk they are exposed to, reduce it where possible and manage the required risks. We can help evaluate and manage this risk through an external penetration test.

An external infrastructure penetration test involves a full port scan of TCP and UDP ports of public IP addresses from one of servers. This is followed up by a vulnerability scan of services found to be running on open ports. Vulnerability scans will be first performed with specialist scanners, however if certain services are discovered, other tools and scripts will be applied that are more specific to that service. The scanners we use are capable of finding a number of common vulnerabilities, such as version numbers displaying in services, default passwords, and insecure protocols.

Once all IP addresses are scanned and services identified, our testers will manually connect to each service and test for further vulnerabilities. For instance, if an FTP server is discovered, a tester will attempt a limited brute-force of username / password combinations, based on commonly used values or those relating to the client name. In the case of a web application being discovered, the tester will conduct a small unauthenticated Web Application Test for common vulnerabilities such as SQL Injection of Cross-site Scripting.