What is Network Penetration Testing?
Network penetration testing is an attempt by an ethical hacker to breach an organization’s network without doing harm. The objective is to identify security weaknesses in the network and its security controls, report on them, and allow the organization to remediate them.
Modern networks are extremely complex, with a combination of WAN, LAN, and wireless networks, a large number of endpoints including servers, workstations, mobile devices and internet of things (IoT) devices, and security technologies like firewalls and intrusion prevention systems (IPS). Any of these could be a weak link that allows attackers to penetrate the network.
External vs. Internal Network Penetration Testing
External Penetration Testing
Traditionally, external threats were often considered more important than internal threats. Most organizations agree that anything exposed to the Internet needs some form of security testing, and possibly the most rigorous type of testing is penetration testing.
If an external host is compromised, it can lead to an attacker digging deeper into the internal environment. If an external device is the target of an attack, like a hacker looking for a public-facing SFTP/FTP server that stores client data, these devices must also be protected.
External network penetration testing focuses on the perimeter of your network and identifies any deficiencies that exist in public-facing security controls. When performing external penetration testing, the testers mimic real scenarios as best as possible to identify as many potential vulnerabilities as possible.
External network penetration testing techniques include the following:
- Host and service discover, port scanning and querying
- Attempting to gain access to public-facing systems using default passwords, brute force, password cracking, or other techniques
- Network sniffing and traffic monitoring
- Spoofing or deceiving servers and network equipment
- Using buffer overflow or similar attacks for remote code execution
- Running exploits for discovered vulnerabilities
- Changing configuration of running systems
- Denial of Service (DoS)
- Privilege escalation and lateral movement when gaining access to any internal systems
Internal Penetration Testing
Insider threats are a growing concern at most organizations. An insider threat could be a disgruntled worker, previously terminated employees, or someone trying to steal trade secrets. An insider threat could also be someone who does not have malicious intent—for example, negligent or careless employees, human errors and misconfigurations can all result in a network compromise.
Internal network penetration testing targets the networked environment that lies behind public-facing devices. This type of penetration test is designed to identify and exploit issues that can be discovered by an attacker who has gained access to your internal network.
Internal penetration testing techniques include:
- Scanning for internal subnets, domain servers, file servers, printers, switches
- Privilege escalation and lateral movement
- Identifying vulnerable devices, services, or operating systems on the local network
- Deploying malware such as trojans and rootkits to gain persistent access
No comments:
Write comments