
  Network penetration testing

Network penetration tests focus on the organisation’s boundaries – how it connects with the Internet and other external systems. If the interfaces are not designed correctly, this creates a perfect loophole for hackers to enter a network.

 
 

Does your network infrastructure invite attacks? Mitigate the risk with penetration testing

Breaking into systems can be relatively simple if someone has not properly patched and secured systems against the latest vulnerabilities. However, keeping systems up to date has become increasingly difficult. Indeed, NTT reports that timely patching could block 78% of internal vulnerabilities.

Organisations’ problems with patching are compounded by the fact that many computers still run on legacy systems. Windows 7 is the most widely used legacy system, still running on nearly half of all desktops, and it was the unpatched versions of this operating system that caused WannaCry and NotPetya to spread so rapidly.

Unfortunately, hackers have a window of opportunity between the time someone publishes a vulnerability and the time that vulnerability is patched or addressed. The longer this window stays open, the more the odds of compromise increase.

Penetration testing helps to identify configuration holes that could allow an attacker to gain access to a system.


 

The threat of insider and privilege misuse

Worse than external attacks are malicious insiders. They take advantage of their position within the company and their privileged user access to gain information for their own use – often with a financial motive. Verizon reports that the insider threat, although not as common in breaches as external actors, is still very significant, accounting for 15% of breaches.

Organisations are experiencing data loss across a wide range of content, formats and methods – from documents to databases, stolen electronically or physically. For most, this means the internal network is where the company is most vulnerable. Internal users have already bypassed many physical controls designed to protect computer resources. Consequently, organisations need to take further steps to protect themselves from the internal hacker threat.

Internal network penetration testing can help identify resources that are internally vulnerable and assist the system administrator in plugging these holes.

 

Why is network testing so important?

As with other types of penetration test, network testing can help security professionals gain insight into where and how to invest their limited resources. Penetration testing may be required because of regulatory compliance, due diligence or contractual obligations. Or it may simply be because of concerns that network controls are not properly implemented.

Most clients are interested in protecting specific kinds of data or networked assets. Perhaps unsurprisingly - given the onset of the General Data Protection Regulation (GDPR) - ‘personally identifiable information’ is a chief concern for penetration testing clients, followed by ‘sensitive internal data’, which can be anything from the content of internal communications to undisclosed financial metrics.

Report findings from a network penetration test could include the discovery of weak or default passwords, systems that are unpatched or poorly configured, the location of malware, or confidential data that is not properly secured.


 

What can you expect from a network application penetration test?

Our testers will assess the resilience of your infrastructure security controls and the ways an attacker might gain unauthorised access and control.

Network tests will focus on web servers, firewalls, Wi-Fi, etc., looking for holes in the network perimeter.

Our testing approach

IT Governance’s approach to network penetration testing is closely aligned to the Open Source Security Testing Methodology Manual (OSSTMM), a methodology for testing the operational security of physical locations, workflow, human security, physical security, wireless security, telecommunication security, data network security and compliance.

What will my test cover?

  • A review of the test environment to identify information that would be useful to a hacker.
  • A range of manual tests using a methodology closely aligned with the OSSTMM.
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action fast.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.
 

Network penetration testing services