Network Penetration Testing

External infrastructure testing

Penetration Testing: External Infrastructure

Minatio utilizes a risk-based approach to manually identify critical infrastructure vulnerabilities that exist on all Internet-accessible services within scope through our External Network Penetration Test. This Assessment achieves three primary objectives:

  • Creates a basis for future decisions regarding requirements, resource allocation and information security strategy.
  • Provides management with an understanding of the level of risk from Internet-accessible services.
  • Provide recommendations and details to facilitate a targeted mitigation approach a cost-effective.

 

Why perform an External Network Security Assessment?

  • To better identify and validate all security vulnerabilities associated with your Internet-facing environment.
  • To understand the level of risk existing at any single moment in time and execute a real-world attack on critical infrastructure.
  • To understand the level of risk held within your organization compared to similar companies and to ensure your critical data and systems are secure from an external attack.
  • Performing this assessment on a regular basis will also help address specific regulatory requirements, such as PCI DSS requirement 11.3.1.

Minatio Penetration Testing Process

Minatio External Penetration Testing Process

Scope: Penetration Testing: External Infrastructure
Minatio tests externally-facing network systems and services for vulnerabilities attributable to:

  • Network-layer password weaknesses
  • Software flaws
  • System configuration settings.

The devices tested include those that are accessible via public IP addresses, such as:

  • Remote access services such as dial-up modems and IPSec endpoints.
  • Firewalls
  • DNS and other external services including servers on your DMZ
  • Routers

Disruption to your operations will be minimized. All externally-reachable services will be identified and documented during your Penetration test.

Methodology

Penetration Testing: External Infrastructure

The Assessment begins with network reconnaissance followed by a process of data collection to learn as much as possible about the network topology and its hosts. Next is each component of the network is analyzed in the enumeration phase to extract details about its service types, operating systems, configuration parameters and protocols supported,. A number of paths exist from this point to system or data compromise. Identifying a weak password, exploiting known or suspected software vulnerabilities or manually discovering a configuration flaw in the service is the result of a successful penetration test. As the assessment process progresses through the network, the risk level for issues identified escalates.