Gartner says that by 2020, 60% of digital businesses will suffer from service failures due to their IT security teams’ inability to manage digital risk. What does this mean for your business? Is your organization defending its network from cyber threats? Are you performing network penetration testing to validate your security efforts? What is network penetration testing, and should you be doing internal or external? Let’s discuss.
Internal vs. External Network Penetration Testing
What is network penetration testing? Well, there are two types – internal and external. External threats to your network may seem more obvious than internal threats. Most organizations would agree that anything exposed to the Internet needs some form of security testing, and we recommend external network penetration testing. If an external host is compromised, it can lead to an attacker digging deeper into your internal environment. If an external device is the target of an attack, like a hacker looking for a public-facing SFTP/FTP server that stores your clients’ data, these devices must also be protected. External network penetration testing is focused on the perimeter of your network and identifies any deficiencies that exist in the controls that protect against remote attackers targeting the Internet-facing systems in your environment. When performing external penetration testing, our penetration testers mimic real scenarios as best as possible to root out all potential vulnerabilities. External network penetration testing techniques include the following:
- Port scans and other network service interaction and queries
- Network sniffing, traffic monitoring, traffic analysis, and host discovery
- Spoofing or deceiving servers via dynamic routing updates (e.g., OSPF, RIP spoofing)
- Attempted logins or other use of systems with any account name/password
- Use of exploit code for leveraging discovered vulnerabilities
- Password cracking via capture and scanning of authentication databases
- Buffer overruns/underruns
- Spoofing or deceiving servers regarding network traffic
- Alteration of running system configuration except where denial of service would result
- Adding user accounts
Whether it’s disgruntled workers, previously terminated employees, or someone trying to steal trade secrets, there are lots of potential internal threats. Did you know that, on average, it only takes 16 minutes before the first employee clicks on a phishing email? Even without malicious intent, simple configuration issues or employee mishaps can also result in a network compromise, leading to the majority of attacks originating from within. That’s why internal network penetration testing targets the networked environment that lies behind public-facing devices. This type of penetration test is designed to identify and exploit issues that can be discovered by an attacker who has gained access to your internal network. Internal subnets, domain servers, file servers, printers, switches – it’s all in play during internal network penetration testing. Penetration testers will assess your internal network and thoroughly look for any avenue that could lead to exploitation.
How is Network Penetration Testing Performed?
Network penetration testing at KirkpatrickPrice begins with information gathering and the reconnaissance phase, where the organization being tested will provide the penetration tester with general information about in-scope targets, plus the penetration tester collects additional details from publicly accessible sources. Our penetration testers are looking for vulnerable ports and services that will allow them to gain entry into the network, similar to an open door or window on a house that is supposed to be locked. The reconnaissance phase is crucial to thorough network penetration testing because penetration testers can identify additional information that may have been overlooked, unknown, or not provided.
Then, a vulnerability assessment is performed where our expert penetration testers utilize multiple tools to gain initial knowledge. A vulnerability assessment is not a replacement for a network penetration test, though. After interpreting those results, our expert penetration testers will use manual techniques, human intuition, and their backgrounds in network administration to attack those vulnerabilities. After the completion of the network penetration testing, you will receive a comprehensive report with narratives of where we started the testing, how we found vulnerabilities, and how we exploited them.
KirkpatrickPrice’s network penetration testing methodologies are unique and efficient because they do not rely on static techniques and assessment methods. Effective penetration testing requires a diligent effort to find enterprise weaknesses, just like a malicious individual would. Our advanced, network penetration testing methodology is derived from various sources including the OSSTMM, Information Systems Audit Standards, CERT/CC, the SANS Institute, NIST, and OWASP. Our team of highly skilled penetration testers have backgrounds specifically in systems and network administration and understand the complexities of protecting your network. This works to our advantage so that we can identify the areas that are the most difficult to defend.
What is network penetration testing and how could it defend your organization? If you want to avoid the consequences of a compromised network while working with an expert ethical hacker, contact us today.