Organisations use a penetration test to expose exploitable vulnerabilities and mitigate the risk of individuals or groups gaining unauthorised access to their systems.
It is best to conduct regular penetration tests on your infrastructure and applications as part of your security regime.
There are many different penetration tests available, all of which fall under the five areas below:
- External Pen Testing
- Internal IT Infrastructure
- Web Application Penetration Testing
- Social Engineering & Physical Security Tests
- Wireless Networks Penetration Testing
For 25 years, Sapphire’s pen testers have been delivering successful testing and vulnerability analysis services for organisations across the UK.
This blog post will provide an overview of each type of penetration test, along with the benefits.
External Network Penetration Testing
There are a variety of routes whereby a bad actor can gain unauthorised access to an organisation’s systems. They include telephony solutions, modems, ISDN and DSL, to name a few. These systems are used for various business purposes, including support for remote and home working by staff, dedicated connections with organisation partners and suppliers, and access to public networks (e.g. the Internet) and third-party networks.
When deciding on the scope of an external penetration test, the organisation needs to consider which external communication routes and services it believes could be breached, either intentionally or accidentally. For this reason, an organisation may decide on one or several of the types of penetration testing below to expose vulnerabilities and bolster its defences.
Firewall Configuration Testing: a test to assess the configuration rules that are deployed at internal network or external (Internet) boundaries. A firewall configuration review helps to build and maintain confidence in your organisation’s perimeter security controls.
Internet Vulnerability Scanning: this test performs a scan of the customer’s Internet connection to determine what services and associated vulnerabilities may be exposed to cyberattacks from the outside world, providing insight and intelligence about the exposure of the business.
Perimeter Network Testing: this extends remote testing by checking for vulnerabilities that may only be visible inside the external router. Perimeter network penetration tests help determine the dependency on the external router, which may be supplied and configured by a third party.
Email Testing: there are various email services available, and each one has potential and known security vulnerabilities. In email penetration testing, a pen tester will investigate each type of mail service that is in use and may be externally visible to determine its vulnerability.
Firewall Bypass Testing: during this process, a pen tester will examine the security hardening and configuration of the firewall and other exposed systems to establish how resistant they are to further penetration should unauthorised access be achieved.
System Access via Modems: the objective here is to identify, wherever possible, the type of connection service being offered by active modems and whether these may present an opportunity for an outsider to gain easy access to a computer system.
Telephone Scanning: the concern here is that there may be unauthorised or ‘semi-official’ modems connected to the organisation’s phone lines and providing access to its computers. The scanning techniques for detecting these and any authorised modem lines are those used by the hacking and phone phreaking community.
Internal Network Penetration Testing
The main objective of this type of pen test is to determine what an attacker with some level of authorised access to the organisation’s IT services could achieve by exploiting security weaknesses and vulnerabilities in the IT system.
There are three levels to Internal Network Penetration Testing:
- Network Level: testing for vulnerabilities in the internal network services can provide insight into how an attacker could gain unauthorised access to computers and services on the network.
- Computer Level: testing for security misconfigurations and vulnerabilities in the operating systems attached to the organisation’s networks.
- User Level: testing that is carried out based on the access levels of various user roles to determine the potential impact of an insider threat.
Web Application Penetration Test
Each time an organisation uses or publishes web-based applications, it is best practice to carry out a test to identify ways to exploit the application.
The pen test is typically completed in two stages: initially with no authentication to the web applications, and then with a valid user account to test for privilege escalation vulnerabilities and assess any weaknesses in the authentication and authorisation mechanisms.
Remediation advice will be offered for the security configurations and vulnerabilities identified. Most web applications are tested following the Open Web Application Security Project (OWASP) guidelines.
Social Engineering & Physical Penetration Testing
These types of penetration testing have the same objective as network penetration tests: to identify weaknesses and vulnerabilities. However, rather than focusing on a software or hardware system, a social engineering pen test focuses on the people within an organisation.
Physical Penetration Testing simulates an attempt to breach the physical security defences within an organisation and is often utilised within a wider social engineering exercise. Examples can involve pen testers tailgating employees to gain physical access to a building.
A physical penetration test can also include activities such as shoulder surfing to see what confidential or sensitive information can be retrieved and social engineering to gain access to secure or restricted areas.
Wireless Pen Testing
A wireless network that has not been configured correctly can allow an attacker to exploit the system. All networks will be tested during a wireless penetration test, including corporate and guest networks and wireless access points, to find vulnerabilities that bad actors could exploit.