Infrastructure Testing
External Penetration Test
A Network Pentest (also known as an External Network Security Assessment) is an external penetration test that identifies vulnerabilities in your computer systems arising from their exposure to the Internet. It should be carried out on an annual basis.
Broken Cipher typically performs Network Penetration Tests on the following devices and systems:
- DNS Servers
- Internet Routers
- Firewalls
- IDS/IPS
- VPN Servers
- FTP Servers
- HTTP/HTTPS Servers
- Mail Servers
- Intranet/Extranet Servers
A Broken Cipher Network Penetration Test follows a standard penetration testing methodology: information gathering, scanning and probing, vulnerability assessment, exploitation, and reporting.
Network Penetration Tests are undertaken by experienced EC-Council or Offensive Security qualified security consultants using a range of network security testing tools combined with manual network vulnerability testing techniques.
The output of a Broken Cipher Network Penetration Test is a report with a non-technical overview of the impacts and likelihood of the most serious security issues, coupled with technical details of the tests undertaken, more comprehensive descriptions of the individual issues, and recommendations for resolution.
We prefer to deliver this Network Security Vulnerability Assessment report face to face to enable discussion and full comprehension of the risks identified. We also make our testers available for further meetings and discussions with those who are tasked with fixing any issues. Finally, we recommend a retest to ensure that fixes have been successfully applied.
Internal Penetration Test
An Internal Penetration Test is an attempt to gain access to your IT systems from the perspective of either an attacker who has internal access or an employee with low access privileges. Often deemed low risk by management, internal security vulnerabilities can pose a substantial threat and need to be taken seriously.
When performing an Internal Penetration Test, Broken Cipher will attempt to escalate privileges and gain access to the systems or devices agreed prior to testing. To demonstrate the access obtained, we set a number of targets, such as retrieving:
- Administrator passwords
- Database passwords
- System or server screenshots
- Confidential emails
- Confidential documents
An Internal Pentest follows the standard penetration test methodology: information is gathered about the local network, service and vulnerability scanning is carried out, and potential avenues of exploitation are determined and then attempted. Internal testing has a significant manual element due to the manner in which sensitive information can be identified.
The output of a Broken Cipher Internal Penetration Test is a report with a non-technical overview of the impacts and likelihood of the most serious security issues, coupled with technical details of the tests undertaken, more comprehensive descriptions of the individual issues, and recommendations for resolution.
We prefer to deliver this Internal Security Vulnerability Assessment report face to face to enable discussion and full comprehension of the risks identified. We also make our testers available for further meetings and discussions with those who are tasked with fixing any issues. Finally, we recommend a retest to ensure that fixes have been successfully applied.