Nano IT Security’s External Penetration Test, like the Internal Penetration Test, differs from a vulnerability assessment in that it exploits the vulnerabilities to determine what information is actually exposed to the outside world. An External Penetration Test mimics the actions of a real attacker exploiting weaknesses in network security, without the usual dangers. The test examines external IT systems for any weakness that an external attacker could use to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organisation to address each weakness.
During an external penetration test, we perform an assessment on all assets accessible from the Internet. In this way we are evaluating your security from the perspective of an outsider trying to look in.
Nano IT’s External Penetration Test follows best-practice penetration testing methodologies, which include:
- Public Information & Information Leakage;
- DNS Analysis & DNS Bruteforcing;
- Port Scanning;
- System Fingerprinting;
- Services Probing;
- Exploit Research;
- Manual Vulnerability Testing and Verification of Identified Vulnerabilities;
- Intrusion Detection/Prevention System Testing;
- Password Service Strength Testing;
- Remediation Retest (optional)
Why Perform an External Penetration Test?
The Internet-facing components (website, email servers, etc.) of the organisation’s network are constantly exposed to threats from hackers. IT security compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) therefore require organisations to conduct independent testing of the Information Security Program to identify vulnerabilities that could result in unauthorised disclosure, misuse, alteration or destruction of confidential information, including Non-Public Personal Information (NPPI).
Best practice requires each organisation to perform an External Penetration Test in addition to regular security assessments, in order to ensure the security of its external network.
Have a look at our other pentesting services, and contact us to obtain an accurate understanding of your security and risk posture, while ensuring compliance with industry regulators and information security best practices.