External Penetration Test
An External Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed to the outside world. An External Penetration Test mimics the actions of an actual attacker exploiting weaknesses in the network security without the usual dangers. This test examines external IT systems for any weakness that could be used by an external attacker to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organisation to address each weakness.
HackLabs’ External Penetration Test follows best practice in penetration testing methodologies which includes:
- Public Information & Information Leakage
- DNS Analysis & DNS Bruteforcing
- Port Scanning
- System Fingerprinting
- Services Probing
- Exploit Research
- Manual Vulnerability Testing and Verification of Identified Vulnerabilities
- Intrusion Detection/Prevention System Testing
- Password Service Strength Testing
- Remediation Retest (optional)
Why Should I Perform an External Penetration Test?
IT Security Compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) require an organisation to conduct independent testing of the Information Security Program to identify vulnerabilities that could result in unauthorised disclosure, misuse, alteration or destruction of confidential information, including Non-Public Personal Information (NPPI).
The Internet-facing components (website, email servers, etc.) of the organisation’s network are constantly exposed to threats from hackers.
Best Practice requires that each organisation should perform an External Penetration Test in addition to regular security assessments in order to ensure the security of their external network.