An external penetration test is an authorized assessment against your organization’s external IT infrastructure and exposed network services. Prior to beginning the external penetration test, FortyNorth Security will work with your staff to establish goals for the external penetration test. The most common goal for an external penetration test is to determine if it is possible for an attacker to gain an internal foothold into your organization’s network. However, the goal(s) are customized for each assessment based on your organizations requirements.
The external penetration test is conducted from the perspective of an outside attacker analyzing your organization’s publicly available IT infrastructure. We follow the same steps that an attacker would conduct when attempting to gain access to your organization’s internal networks. The following is a sample set of actions performed:
- Network Reconnaissance
- Detect all computers within the in-scope range provided by your organization
- Detect all services running within the in-scope range
- Obtain DNS records that can be used to identify more systems
- Identify version information of running services
- Interact with services to identify any configuration information
- Research known vulnerabilities or misconfigurations associated with the services running on your organization’s infrastructure
- As exploits are identified, review the exploits to determine if they are safe and if it would impact the stability of the targeted service
- Validate the existence of the vulnerable service by testing if the exploit is successful, or coordinate with your organization for a time to test the exploit
- After successfully exploiting a vulnerability, determine if it is possible to achieve the external penetration test’s goal
- Restart the process
- Review additional vulnerabilities that may provide access to your organization’s internal network
- Once internal access is available, if applicable, restart the entire process from the perspective of an attacker who has obtained internal network access
The external penetration test is a service offering that should be used after your organization has attempted to harden your external perimeter via patching and secure service configurations. This service will validate the effort your organization has invested in and identify any areas that might need remediation.