Internal and external network penetration testing
On average, cybersecurity attacks on an organization’s network infrastructure cost $200,000, and yet only 14% of businesses have implemented security tools and procedures to protect themselves. Considering the frequency of such incidents (every 39 seconds worldwide), it is necessary to regularly check and update the information security system. This is the primary goal of network penetration testing.
10Guards’s OSCP-accredited team has extensive experience in network security testing. We offer a quality assessment of IT environment resilience, followed by the identification of network vulnerabilities, such as:
- The presence of malware
- Weak security controls
- Software flaws
- Insecure firewall, router, and user rules
- Unsafe configuration parameters
- Unpatched systems
After that, we help organizations eliminate the discovered threats to their business and build a more resilient system to prevent weaknesses from appearing.
Network penetration testing can be conducted from two perspectives:
- Internal testing is performed inside the network and is dedicated to revealing threats caused by a person or software that has some role in the system (insider attacks).
- External testing assesses network perimeter security controls and models attacks from the outside, against web, mail, and FTP servers.
Steps of network penetration testing
1. Preparation stage
10Guards’s penetration testing experts team up with the organization’s specialists to define the in-scope assets, an appropriate strategy, and the time frame of the project. Then our ethical hackers perform open-source intelligence (OSINT) to gather publicly available information that could be used to compromise the network.
2. Active scanning, vulnerability analysis and exploitation
10Guards’s pen test team uses a large variety of manual and automated tools to assess networks of any size and composition. From the gathered information, we compile a complete picture of the organization’s attack surface. After that, we identify all weaknesses and ethically exploit them to reveal current threats to the organization.
Our exploitation process includes gaining unauthorized access to the network, traversing it, searching for stores of sensitive information and bottlenecks, and then taking control of the network through privilege escalation.
3. Reporting and debrief
As soon as the technical part of testing is complete, our experts present a formal report. It describes all findings from the previous steps in exhaustive technical detail and includes a list of recommended actions, sorted by the severity of the discovered weaknesses.