Note from the Editor: This blog is the first installment of an 8-part blog series entitled, “Everything you need to know about an External Penetration Test.”
An external penetration test is a type of security assessment that can evaluate the resiliency of your institution’s network perimeter. An external penetration test is often the first type of assessments that most organizations go through. It makes sense as most institution’s are concerned with tackling their Internet-facing weaknesses first. Preventing anyone from undermining your perimeter security and allowing for unauthorized access to applications and sensitive data is key. Or, worst of all, an underlying host server.
Further, this type of test is also designed to emulate real world threats. It uses penetration testers that understand how hackers think and know how to exploit vulnerabilities that an attacker would use. Going above and beyond clicking “Go” on a vulnerability scanner, an external penetration test seeks to uncover additional vulnerabilities. It allows us to understand the real risk associated with identified vulnerabilities, and reduce false positives via manual verification.
Elements of an External Penetration Test:
Open Source Reconnaissance
We’ll use publicly available resources to try and uncover sensitive information. This includes types of technology used by the organization or potential usernames.
Full Port Scan
We use port scans to determine which services are exposed and accepting inbound connections. These scans will take a look at all 65,535 TCP ports and the top 1000 most popular UDP ports.
Vulnerability Scan
Where some assessments would center around a vulnerability scan, this is really just the beginning of an external penetration test. We use a vulnerability scan to speed up the identification process for some “low-hanging fruit” types of issues. Further, we exploit weaknesses that could lead to a more significant compromise.
Unauthenticated Web Application Penetration Testing
An external penetration test includes some aspects of web application penetration testing. This includes whatever an attacker can see and do from a blackbox perspective. In other words, we won’t be provided with valid credentials to log into discovered applications (unless we can find them ourselves).
Manual and Automated Exploit Attempts
This is really the bread and butter of an external penetration test, and the most important part of the assessment. It’s hard to completely cover everything that can happen during this portion of the attack. It includes looking for vulnerabilities that automated scans can’t find. Exploiting issues scans did find. And, understanding the risks associated with identified vulnerabilities, and noting any mitigating controls.
Password Attacks
Another important portion of external penetration testing are the opportunities for password attacks. These styles of attacks aim to use open source intelligence gathered and noted vulnerabilities. They combine them in a way that makes password attacks more likely to succeed while avoiding protections in place. These attacks can help you understand shortcomings in password policies, account lockouts, and multi-factor authentication schemes.
External Penetration Test Importance
An external penetration test is a foundational element of any well-rounded security program. It is also one of the most cost effective. It provides an opportunity to confirm your security controls are effective, and your organization is secure. To learn more about external penetration testing, and how to keep your higher ed institution cyber safe, schedule a call today. We can help.
About the Author:
JR Johnson is the Director of Penetration Testing at SIG. He holds a BS in Computer Science Engineering from the University of Florida. And a MS in Information Assurance and Cybersecurity from the Florida Institute of Technology. JR is an avid collector of security-related certifications, including OSCP, OSWE, GWAPT, CISSP, C|EH, CISA, and PCI QSA. You can find him on Twitter @InfoSecJR.
