The Threat: Infrastructure Security Risks

When it comes to safety of the organization from the external threats, there are few critical questions to address that subject:

  • Could an attacker break into your network?

  • Are your firewalls really secure?

  • Do your VPNs provide the protection you expect?

  • Do you know what devices are on your external IPs?

  • Do you know what services they offer?


How do you answer these questions?

The Solution: External Infrastructure (and Firewall) Penetration Testing

External Penetration Testing Methodology

Our external penetration testing services are conducted by skilled professionals using the latest tools, best practice and our own proprietary testing techniques.

  • The initial step is to perform network reconnaissance, to determine network topology and live hosts. This is conducted using both network scanners and the tester’s intuition. Unresponsive hosts are confirmed during the test to maintain the intended scope and ensure best value for testing is achieved.

  • We then enumerate all live hosts, to discover operating system types, services and protocols. Live hosts and services are analysed for potential vulnerabilities, using both automated and manual techniques.

  • Firewall and VPN penetration testing will occur at this stage.

  • Any potential vulnerabilities are manually verified to remove false positives and ensure that only accurate results and information are included in the report.

  • We try to manually exploit verified vulnerabilities where possible to discover further exposures. The tester will research discovered software and services for applicable exploits and then attempt to compromise the relevant hosts.

  • In addition to exploiting vulnerabilities, we manually test for possible configuration errors. These include vendor defaults (such as usernames or passwords), remotely-accessible internal services and other misconfigured services or functions.

  • Throughout the test we will identify hosts which may require additional testing, such as a web application.

  • We can also conduct Firewall Rule Analysis as an additional service if you require.

  • LinkedIn - White Circle
  • w-facebook