NETWORK PEN TEST

Verify Your Security With a Penetration Test

OVERVIEW

What is Network Penetration Testing?

Secure and robust infrastructure is fundamental to your organisation’s cyber security. Given the financial costs of suffering a breach, it is advisable to perform regular internal and external penetration testing to identify and help address vulnerabilities.

CSG’s accredited UK team has extensive network penetration testing service experience, helping organizations to identify exposures across on-premises and cloud environments.

Secure and robust infrastructure is fundamental to your organisation’s cyber security. Given the financial costs of suffering a breach, it is advisable to perform regular internal and external penetration testing to identify and help address vulnerabilities.

TYPES

Types of Network Penetration Testing

Network penetration testing, also known as Infrastructure penetration testing, can be performed from two perspectives: inside and outside your organisation’s network perimeter.

External vulnerability scan

The network edge is the last barrier to the open internet. With increased data breaches and attacks on businesses of all sizes, customers, regulators, and insurers virtually all require regular testing to ensure the perimeter is a reliable stronghold against attackers.  PCI DSS requires annual testing. Exploitable vulnerabilities can allow an attacker to compromise an organization’s network and gain access to
sensitive data.  Proactively testing the effectiveness of security controls identifies these weaknesses so companies can implement protective measures to mitigate risk.

Internal vulnerability scan

Most organizations focus primarily on protecting the perimeter of their environment from external threats. But how could your systems be exploited if that perimeter is breached? What damage could a malicious, or simply misinformed, employee or individual cause if the security controls of your internal environment are ineffective? Internal penetration testing evaluates security strengths and weaknesses inside your network to improve your overall infosec posture.

 

METHODOLOGY

CSG’s Comprehensive Testing Methodology

01. Reconnaissance
Initial reconnaissance activities to locate responding hosts and services across each public IP range and facilitate the development of the target list.
02. Target Planning
Initial targets are selected based on perceived opportunity and prioritized for first stage attacks.
03. Vulnerability Enumeration
Vulnerabilities, both published and undocumented, are enumerated to identify potential exploits to pursue on each targeted host.
04. Vulnerability Validation
Additional testing to confirm valid vulnerabilities, eliminate false positives, and validate target selection.
05. Attack Planning
Utilizing the information gathered, the methods, tools, and approaches are selected to pursue services likely to present opportunity to gain access.
06. Exploit Execution
Tests are conducted to establish command and control, ideally with persistence, to vulnerable hosts, applications, networks, and services.
07. Privilege Escalation & Lateral Movement
Post exploit actions are performed to gain additional access, penetrate further into the internal environment, escalate privileges, compromise lateral hosts, and harvest additional information.
08. Data Exfiltration
Locating sensitive information, configuration information, and other evidence is gathered to demonstrate impact.

DELIVERABLES

Deliverables For Completed Test

The complete penetration testing results are documented in our content rich report which includes the background, summary of findings, detailed findings, scope and methodology, and supplemental content for context and reference. Samples are available upon request.

An introduction of the general purpose, scope, methodology, and timing of the penetration test.

A brief but concise overview summarizing the results at a glance, such as key critical findings requiring priority attention, system or recurring issues, and other general results.

Comprehensive results of each vulnerability, including a description of the vulnerability observed, the impact, recommendations for remediation, evidence where the vulnerability was observed, step by step demonstrations of exploits performed.

A detailed recap of the specific scope of what was tested, the methodologies utilized, and related historical information necessary for audiences such as auditors to understand the specifics of the test approach.

Additional content and guidance, such as recommended post assessment activities, that provides added value to the audience of the report.

Why Choose CSG

  • A trusted partner with a personalized service

  • A company with a global reach

  • An extensive understanding of how threat actors operate

  • In-depth threat analysis and advice you can trust

  • Latest tools and technology

Request More Information On Network Pen Testing

1 + 12 =