An External Penetration Test differs from a vulnerability assessment in that it exploits the vulnerabilities to determine what information is actually exposed to the outside world. It mimics the actions of a real attacker exploiting weaknesses in the network security, without the usual dangers. The test examines external IT systems for any weakness that an external attacker could use to compromise the confidentiality, availability or integrity of the network, thereby allowing the organisation to address each weakness.
HackLabs’ External Penetration Test follows best-practice penetration testing methodology, which includes:
Footprinting
Public Information & Information Leakage
DNS Analysis & DNS Bruteforcing
Port Scanning
System Fingerprinting
Services Probing
Exploit Research
Manual Vulnerability Testing and Verification of Identified Vulnerabilities
Intrusion Detection/Prevention System Testing
Password Service Strength Testing
Remediation Retest (optional)
WHY SHOULD I PERFORM AN EXTERNAL PENETRATION TEST?
IT Security Compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) require an organisation to conduct independent testing of the Information Security Program to identify vulnerabilities that could result in unauthorised disclosure, misuse, alteration or destruction of confidential information, including Non-Public Personal Information (NPPI).
The Internet-facing components (website, email servers, etc.) of the organisation’s network are constantly exposed to threats from hackers.
Best practice requires each organisation to perform an External Penetration Test in addition to regular security assessments, in order to ensure the security of its external network.