External Network Penetration Testing

Understand how hackers exploit vulnerabilities in your IT systems from the internet

Misconfigurations and unpatched internet facing systems could allow attackers to access your information or cause business disruption. Our testers use the same techniques as attackers to find vulnerabilities that would affect your IT systems.

We combine automation with manual penetration testing to identify vulnerabilities that exist through improper configuration as well as those present in commercially released operating systems or applications that may be exploited to gain unauthorised access to the network or key servers from an internet perspective.

Benefits of a external network penetration test

  • Understand your real attack surface
    Understand the depth and breadth of vulnerabilities that could affect your IT systems if attackers were to exploit these. Vulnerabilities are rated with CVSS to help you prioritise the most serious vulnerabilities.
  • Find all exposed services before attackers find them
    Full TCP and UDP port ranges are searched and fingerprinted to understand the services that are running and how effective your firewalls are. Administrative services will be found such as SSH, web management portal, and services that use clear text channels, such as Telnet.
  • Map the perimeter of the network
    Perimeter networking devices are mapped (routers, load balancers, firewalls) to find your network boundary and attempt to move beyond the perimeter and into your internal network space.
  • Find flaws in out-of-date or misconfigured services
    Vulnerabilities are identified in software that is unpatched or has been set up in correctly.
  • Find legacy artifacts left during deployment
    Backup, configuration or any files that leak sensitive information that leads to a direct breach or information that could be used to breach your systems will be identified.

Our approach to external network penetration testing

Our tailored approach finds your weak spots and tackles both major security concerns and minor security flaws that could be used to breach. Giving you in-depth findings on the risks you face and how to fix them.

We use a combination of commercial and open source tools and manual and automated techniques to identify vulnerabilities thoroughly and efficiently.

There are a number of approaches that we use to exploit vulnerable targets including:

  • Attempting default user accounts and passwords
  • Weak passwords
  • Exploitation of default settings
  • Exploitation of development artifacts left at the deployment stage
  • Finding hidden functionality or services that should not be exposed to the internet
  • Identifying vulnerabilities within the underlying operating system
  • Exploiting out-of-date software
  • Reviewing the security data transit of each host
  • Searching for information leakage used for further attacks.

Frequently asked questions

If you have any further questions, Get in touch with our friendly team or visit our general FAQ's here
Can you work out of hours?

We can work out of hours for an additional charge. If part of your infrastructure is in a time zone that is in our normal working business hours then we won’t charge.

What happens if you find a critical vulnerability?

Our testers will contact you immediately by phone, email and the dedicated Slack channel that we will use with you during the testing process.

Will brute forcing our user accounts block access to our systems?

There is a possibility that this could occur. Let us know which systems are sensitive and they’ll be avoided.

Do you test for Denial of service (Dos)?

This isn’t something we actively test for and we wouldn’t recommend testing for this. However, we will highlight vulnerabilities that could lead to a Denial of Service.

Book with Informer today.

Book Now