We uncover possible weak points in your IT environment and make recommendations for action so that you can sleep peacefully again.
Small and medium-sized companies often do not have sufficient internal resources to adequately protect data and tools from unwanted access. This is where the specialists from Koller Engineering come into play. Our experts put your IT landscape through its paces. Ask for a non-binding offer.
Our toolbox includes proven tools and methods. A comprehensive picture of the situation shows where minimum standards and norms are adhered to and where action is needed. We also accompany our customers over longer periods of time and carry out regular scans and audits.
Pentesting services for SMBs
External Network Penetration Test
Setting up a strong perimeter
One of the most common forms of penetration testing, especially for SMEs, is an external network pentest. In this form of pentest, all systems on a company’s perimeter are checked, i.e. all systems that are publicly accessible via the Internet. Because these systems are accessible to everyone, they are the systems of a company that are attacked most easily and most regularly. They are likely to be scanned and attacked almost daily. Most of these attacks are automated and try to find simple vulnerabilities, but that shouldn’t distract from the fact that even a small vulnerability can have a significant impact.
The difference between an internal network penetration test and an external network penetration test is that an external network pentest assesses a company’s security posture from the perspective of a stranger who could be sitting thousands of miles away from the target. This perspective helps an organization understand how effective its external security posture is while identifying misconfigured controls or vulnerabilities that could be exploited from anywhere in the world.
What does an external network test check?
- Misconfigured firewall rules
- Open ports
- Ineffective IDS
- Weak password policies
- Unpatched systems
- Shared cloud resources
External Network Test Methodology
The importance of a structured and consistent methodology in external network penetration testing should not be underestimated. While each project differs in scope, objectives, and tools needed, a consistent methodology ensures thorough coverage of each attack surface. Our team uses a structured process that ensures the quality of work at each audit.
Step 1: Information gathering and enumeration
The first step we take in evaluating a company’s external network is to gather and enumerate information about the target; this is also known as the reconnaissance phase. This step is critical because it creates a solid foundation of information that can later be used to identify vulnerabilities and attack vectors. In penetration testing, there are two different forms of reconnaissance:
- Passive reconnaissance is the process of identifying information without ever interacting directly with the target environment. Good examples of passive reconnaissance are reviewing databases with breached credentials or reviewing job postings to find out what types of tools are used in the company.
- Active reconnaissance is the process of reconnaissance in which the target is approached directly. Our auditors use a number of different IP block and system scanning tools to gather information about the hardware, hosts, and firmware.
Step 2: Modeling the threat
Threat modeling is an essential but often overlooked step for a high-quality pentest. In this phase, auditors use the previously learned information to capture the network architecture, operating systems, open ports, and underlying services. Another important part of threat modeling is categorizing the different types of data that can be obtained during a pentest in a way that indicates the severity of the different outcomes. Threat modeling helps pentesters understand more than just the technical aspects of outcomes and allows them to formulate their findings in a way that aligns with the business.
Step 3: Vulnerability analysis
As soon as auditors enter the vulnerability assessment phase, they begin using tools to identify potential vulnerabilities in the environment. Automated tools help identify easy-to-discover vulnerabilities before our team moves on to where we spend most of our time: manual analysis and exploitation. We are often asked what kind of automated tools we use for scanning. The answer varies by scope, but we regularly rely on a few commercial tools we’ve integrated ourselves, such as Burp Suite Pro, Metasploit, and Nessus.
Step 4: Exploitation
In this phase of penetration testing, we begin by safely exploiting identified vulnerabilities and misconfigurations to determine what impact the various outcomes may have on the business. Our team will try to gain access to the devices and systems to penetrate the internal network. In the exploitation phase, auditors can better understand how the various vulnerabilities affect the business and help the customer prioritize remediation. This plays an important role in creating a report that provides the client with actionable next steps. Below are some examples of vulnerabilities that we try to exploit in an external network pentest.
- Compromising remote external services: With the introduction of remote work, more and more companies are relying on services that allow employees to access internal corporate network resources from remote locations. Our auditors try to gain access to these remote service gateways to gain a foothold in the environment.
- Exploiting public-facing applications: Applications, databases, and network device administration and management protocols often have interfaces that face the Internet and could be exploited by malicious actors. We help with the evaluation of these systems and portals.
- Default and employee accounts: Software, operating systems, and devices come with default accounts that may still be in use. Attackers will try to misuse credentials to gain access to an environment. In addition, employees can reuse credentials that have already been compromised in other attacks (e.g., Google email/password), so our team uses a proprietary database of breached credentials to investigate this type of attack path.
Step 5: Documentation and reporting
At the end of each penetration test, customers receive a report that documents the results and includes actionable steps to improve the security of their network environment. At this stage, we summarize all the results of the pentest and compile them into a report. What you get with the report is described below:
- Summary and strategic recommendations
- Strengths and weaknesses
- Technical documentation: test procedures & screenshots
- Actionable remediation steps
- Summary document (disclosure to third parties without revealing highly sensitive information)
It’s important to highlight the value of a good pentest report: it helps with strategic decisions and budgets, it is provided to auditors for compliance with rules and regulations, and it can be made available to enterprise customers who require their suppliers to carry out annual pentests.
Step 6: Remediation testing and report update
After the customer has implemented the remediation steps described in the report, our testers conduct a remediation test to ensure not only that all previously identified vulnerabilities have been eliminated, but also that no new vulnerabilities have emerged during the remediation process. We will update the report and prepare a summary document that reflects the resolved state.
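The comparison behind such a remediation test can be illustrated with a short script. This is an added example, not Koller Engineering's tooling: the Finding fields, issue labels, and host names are assumptions, and the sample data is constructed. It sorts findings into resolved, persisting, and new, which are the three outcomes the retest has to distinguish.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    issue: str      # hypothetical short label for the weakness
    severity: str   # "critical", "high", "medium" or "low"

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def _key(f):
    # Same host, port and issue means the same finding, whatever the letter case.
    return (f.host.lower(), f.port, f.issue.lower())

def _by_severity(f):
    return (SEVERITY_RANK[f.severity], f.host.lower(), f.port)

def compare_retest(baseline, retest):
    """Classify findings from the original test against the remediation test."""
    base = {_key(f): f for f in baseline}
    now = {_key(f): f for f in retest}
    return {
        "resolved": sorted((base[k] for k in base.keys() - now.keys()), key=_by_severity),
        "persisting": sorted((now[k] for k in base.keys() & now.keys()), key=_by_severity),
        "new": sorted((now[k] for k in now.keys() - base.keys()), key=_by_severity),
    }

def remediation_complete(result):
    # Complete only if nothing persisted and the fixes introduced nothing new.
    return not result["persisting"] and not result["new"]

# Constructed sample data (example.test hosts are placeholders).
BASELINE = [
    Finding("vpn.example.test", 443, "default-account-enabled", "critical"),
    Finding("mail.example.test", 25, "unpatched-service", "high"),
    Finding("www.example.test", 8080, "unintended-open-port", "medium"),
]
RETEST = [
    Finding("MAIL.example.test", 25, "unpatched-service", "high"),
    # The service was moved to another port during remediation and is still exposed.
    Finding("www.example.test", 8443, "unintended-open-port", "medium"),
]

if __name__ == "__main__":
    result = compare_retest(BASELINE, RETEST)
    for status, findings in result.items():
        for f in findings:
            print(f"{status:10} {f.severity:8} {f.host}:{f.port} {f.issue}")
    print("remediation complete:", remediation_complete(result))
```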
Internal Network Penetration Test
Internal network tests are an evaluation of all systems in the (internal) corporate network. An internal network test looks at what would happen if someone were to gain a foothold in your environment; this could happen through exploitation of the external network, through the use of an employee’s credentials, or through a malicious action by an employee. Traditionally, companies have assumed they are safe if they have a hardened perimeter, but time has shown that you need much more than that. An egg is a common analogy when it comes to a poorly secured network: You don’t want