External Network Penetration Testing
External Network Penetration Testing identifies the flaws and risks exposed through your Internet Gateway, so that an intelligent picture of the protected systems can be determined.
MTI External Network Penetration Testing: Overview
Many organisations claim to offer such services, however perceptions of Penetration Testing can range from a tools-based vulnerability scan, with limited intervention by a consultant, through to a bespoke manual test that relies entirely on the knowledge and expertise of the tester. The MTI approach lies between these extremes and closely follows the Open Source Security Testing Methodology.
This level of testing offers the optimum balance of thoroughness, quality and value, as confirmed by our memberships of the CESG CHECK scheme, as a Green Light Member, and the Council of Registered Ethical Security Testers (CREST). These are currently the main recognised standards of security testing, impartiality and quality aimed at companies (rather than individuals) and we are one of only a dozen or so companies globally to have achieved this.
In summary, network level testing will search for vulnerabilities in the following areas:
- Router filtering
- Firewall filtering
- Visible IP services
- Operating system software flaws
- Server application software flaws
- Known configuration errors
- Information disclosure that may aid an attacker
- Web server misconfigurations
- Subnet scanning / host enumeration
- Publically available information gathering
Verification & Exploitation of Vulnerabilities
Discovered vulnerabilities that are potentially exploitable, without risk of a denial of service attack, will be explored in an attempt to compromise the host and move further into an organisation's network. This has the benefit of verifying the extent of any vulnerability discovered, and potentially gaining further information which can prove valuable in tightening up security controls after the testing is completed.
If you would like more information regarding External Network Penetration Testing, please contact the MTI penetration testing team to discuss your requirements.