This website uses cookies. View our cookie policy
Close
United Kingdom
Select regional store:

  External network penetration testing

Network penetration tests focus on the organisation’s boundaries – how it connects with the Internet and other external systems. If the interfaces are not designed correctly, this creates a perfect loophole for hackers to enter a network.

 
 

Does your network infrastructure invite attacks? Mitigate the risk with penetration testing

Breaking into systems can be relatively simple if someone has not properly patched and secured systems against the latest vulnerabilities. However, keeping systems up to date has become increasingly difficult. Indeed, NTT reports that timely patching could block 78% of internal vulnerabilities.

Organisations’ problems with patching are compounded by the fact that many computers still run on legacy systems. Windows 7 is the most widely used legacy system, still running on nearly half of all desktops, and it was the unpatched versions of this operating system that caused WannaCry and NotPetya to spread so rapidly.

Unfortunately, hackers have a window of opportunity between the time someone publishes a vulnerability and the time that vulnerability is patched or addressed. The longer this window stays open, the more the odds of compromise increase.

Penetration testing helps to identify configuration holes that could allow an attacker to gain access to a system.


 

Why is network testing so important?

Infrastructure-related vulnerabilities tend to arise from poor hardware configuration, poor system configuration parameters and poor security system controls. Other important factors include poor design and coding standards in either the operating system itself, independent software vendor (ISV) products or self-generated code. Exploiting a vulnerability allows a basic user to gain control in a privileged state – enabling access to resources on the network. Once in a privileged state, the hacker can choose to access sensitive data, modify data, cause the system to operate abnormally or crash the system. Report findings from a network penetration test could include the discovery of weak or default passwords, systems that are unpatched or poorly configured, the location of malware, or confidential data that is not properly secured. Vulnerabilities typically detected by this testing include:

  • Microsoft Windows, Linux and Unix operating system vulnerabilities and patches.
  • Known and published host application and service vulnerabilities
  • Network device vulnerabilities, such as firewalls, VPNs and routers.

 

What can you expect from a network application penetration test?

Our testers will assess the resilience of your infrastructure security controls and the ways an attacker might gain unauthorised access and control.

Network tests will focus on web servers, firewalls, Wi-Fi, etc. looking for holes in the network perimeter.

Our testing approach

IT Governance’s approach to network penetration testing is closely aligned to the Open Source Security Testing Methodology Manual (OSSTMM) - a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance.

What will my test cover?

  • A review of the test environment to identify information that would be useful to a hacker.
  • A range of manual tests using a methodology closely aligned with the OSSTMM.
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action fast.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.
 

Network penetration testing services