Assess the security of your network infrastructure, including routers, switches, firewalls, and servers, to identify potential vulnerabilities and entry points for cyberattacks
External Infrastructure Penetration Testing
-
Planning and scope: The first step in an external penetration test is to plan and
define the scope of the test. This includes identifying the systems and assets that will
be tested, as well as any specific targets or vulnerabilities that the tester should
focus on
-
Information gathering: The next step is to gather as much information as possible
about the organization and its systems. This could include conducting online
research, using tools to scan for open ports and services, and attempting to gather
information from social media and other publicly available sources.
-
Vulnerability assessment: Once the tester has gathered information about the
organization and its systems, they will use this information to identify potential
vulnerabilities. This could include identifying weaknesses in the organization's
security posture, such as unpatched software or weak passwords.
-
Exploitation: If the tester is able to identify vulnerabilities, they will attempt to
exploit them to gain access to the organization's systems. This could involve using
tools or techniques to bypass security controls or exploit known vulnerabilities.
-
Reporting: After the testing is complete, the tester will prepare a report detailing
the vulnerabilities that were identified, the methods used to exploit them, and
recommendations for improving the organization's security posture.
-
Remediation: The final step is for the organization to review the report and take
action to address the vulnerabilities that were identified. This could involve patching
software, strengthening passwords, or implementing additional security controls.
Internal Infrastructure Penetration Testing
-
Information Gathering: In this step, the tester gathers as much information as
possible about the target’s systems or network. This can include publicly available
information about the company, its internet-facing assets, and its internal
infrastructure.
-
Reconnaissance: During reconnaissance, the tester uses the information gathered in
the first step to identify potential vulnerabilities in the target system or network.
This can include identifying open ports, services, and access points.
-
Discovery and Scanning: In this step, the tester uses tools to actively scan the
target’s systems or network in order to discover any vulnerabilities or weaknesses
that may exist. This can include using port scanners and vulnerability scanners to
identify open ports, running services, and known vulnerabilities.
-
Vulnerability Assessment: In this step, the tester assesses the vulnerabilities
identified in the previous steps to determine their impact on the target system or
network. This can include determining the likelihood of exploitation and the
potential impact on the target if exploited.
-
Exploitation: In this step, the tester attempts to exploit the vulnerabilities identified
in the previous steps in order to gain access to the target system or network.
-
Reporting: Once the testing is complete, the tester produces a report detailing the
vulnerabilities identified and the steps taken to exploit them. This report is then
provided to the client, along with recommendations for remediation.
-
Remediation: The final step is for the organization to review the report and take
action to address the vulnerabilities that were identified. This could involve patching
software, strengthening passwords, or implementing additional security controls.
