What is Network Penetration Testing?
Networks are a critical part of every organization, connecting assets so they can communicate with one another. An attack on a network can be devastating, as the threat actor may easily gain access to every device within that network. Network penetration testing aims to prevent such malicious acts by finding weaknesses before the attackers do. Pen testers focus on exploiting and uncovering vulnerabilities on different types of networks, associated devices like routers and switches, and network hosts. It aims to exploit flaws in these areas, like weak passwords or misconfigured assets, in order to gain access to critical systems or data.
External Network Pen Tests
External networks encompass all public networks, including the internet at large. Threat actors attempt to gain access to an organization’s internal systems by leveraging these external assets. Since many organizational applications, like mail servers, websites, or even customer portals maintain a connection to these external networks, they can provide a doorway if not properly protected. Attackers may attempt to steal sensitive data, or take control of an asset and use it for their own purposes, like cryptomining or as part of a botnet. External pen testers attempt to find weaknesses in an organization’s front facing perimeter or attempt to bypass them altogether with strategies like a phishing campaign or other social engineering methods.
Core Security’s external network penetration and security testing services can also include cloud networks in the testing scope. In order to get a better idea of what your external network testing needs are, we ask that you fill out the questionnaire, so we can tailor our services to meet your objectives.
Internal Network Pen Tests
Internal networks are those used solely by employees within an organization, like an intranet or any network using a private IP address. Attacks on internal networks can be incredibly damaging, as most sensitive or confidential data is stored within an organization’s intranet. Malicious employees or ex-employees pose a particularly large risk, since they already have access to these private networks. Pen testers may simulate the role of a disgruntled employee, or a threat actor who has stolen credentials to demonstrate potential weaknesses, like orphaned accounts or poorly managed access privileges.
Core Security’s internal network penetration and security testing services can also include wireless networks in the testing scope, since they are also typically only used by those within the organization. In order to get a better idea of what your internal network testing needs are, we ask that you fill out the questionnaire, so we can tailor our services to meet your objectives.
Network Penetration Testing from Core Security
Utilizing a penetration testing approach, this service unveils vulnerabilities that could exist in your networks, creating real-world attack scenarios in a controlled and professional fashion. From the information gathering to the exploitation of the findings Core Security selects the attack path as a real attacker would do.
Upon completion, you will receive the results of the identified vulnerabilities in general, as well as a detailed description of the attack path we follow. Our comprehensive report allows your IT staff to prioritize fixes based on valuable insights, including
- Easy to follow attack path
- Proof of Concept for each identified vulnerability
- Assessment like vulnerability enumeration
- Risk rating for each vulnerability based on attack likelihood
- Mitigations and recommendations for improvement