External Penetration Testing

External Network Security Assessment/Penetration Test

The external network security assessment, also called external “penetration testing” or external “ethical hacking,” is a process that evaluates and assesses the security posture of the corporation’s Internet presence. Conducted by our qualified information security professionals, the external penetration test provides our clients with a detailed analysis of how real hackers/attackers might probe, exploit, and compromise their corporate IT; additionally, the client IT team will receive a detailed walk-through of how to mitigate any risk in the environment and cover any vulnerability.

The security professional simulates the actions of real hackers: starting from a few pieces of information, such as the external IP address range of the client organization, he will find all Internet-facing servers and services and identify all vulnerabilities and security weaknesses. He will then analyze all attack vectors and ways of exploitation. Finally, our security professional will present the client with a clear report with all the recommendations to enhance their network security.

Although our penetration test assesses any Internet-facing server, device, or service, it typically involves assessing the following assets:

  • DNS Servers
  • Web (http/https) Servers
  • File (ftp) Servers
  • Remote Access (citrix/rdp/ssh) Servers
  • Mail (smtp/imap/pop3) Servers
  • Routers and VPN Gateways
  • Firewalls and IDS/IPS

Our external penetration test follows a standard methodology, and the steps involved can be outlined as follows:

  1. Reconnaissance and footprinting
  2. Scanning, fingerprinting and identification
  3. Vulnerability assessment
  4. Attack vector analysis and exploitation
  5. Reporting

Our final report includes an executive section, a non-technical summary of the security issues suitable for managers and executives, and a technical section with detailed descriptions and recommendations suitable for IT administrators and engineers. Along with the report, our clients get a face-to-face meeting with our security professionals, who brief them on the report and help explain any difficult points.

Conducting regular penetration tests – annually, biannually, or quarterly – is a prerequisite for any organization wishing to become ISO certified in information security or be in compliance with the PCI DSS regulation.