Network Penetration Test

Network Penetration Testing Information

Network Penetration Testing is a hands-on analysis of network and system security, performed by an experienced analyst, usually using a combination of open-source and commercial utilities. Its objective is to determine the probability that vulnerabilities can be exploited and, if so, the associated business impact.

Key activities include:

  • Leveraging Vulnerability Assessment data to focus Penetration Activities on areas of greatest vulnerability;
  • Hands-on testing by an experienced security analyst with the objective of determining if application vulnerabilities (generally discovered via Vulnerability Assessments) can be exploited to malicious ends;
  • Alignment of testing with prevailing good practices (e.g., OSSTMM, ISACA) to maximize the level of assurance that the testing provides;
  • Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.

The predominant benefits realized by a Network Penetration Test are:

  • Provides a measure of the probability that a vulnerability can be exploited and the impact that it may have on the organization;
  • Can identify flaws in configuration management that Vulnerability Assessments are usually incapable of finding; and
  • Can identify where multiple minor vulnerabilities can be leveraged in sequence for malicious ends.

Network Penetration Tests are best used:

  • As the least expensive means to provide attestation to the net security posture of an environment;
  • As part of a broader “certification and accreditation” exercise to provide a higher level of assurance for critical applications; and
  • As an information-gathering mechanism to focus more in-depth network security assessment activities.

Network Penetration Testing Options

Depending on client objectives and the attestation requested, we may employ various Network Penetration Testing techniques aligned with those objectives.

The Investigative Attacker doesn’t have a lot of time, and doesn’t have a lot of tools, and may not even be targeting you specifically. He may stumble upon your external IP during a sweep and will pay you little mind unless you have an obvious security problem. Attackers that get in through a blank or default password on an administrative account are Investigative Attackers.

The Intentioned Attacker has more time, and a few more tools, than the Investigative Attacker. More importantly, she has intent. She wants to find a weakness in your network specifically. Attackers that get in by exploiting an unpatched vulnerability in an operating system or network service are Intentioned Attackers.

The Tenacious Attacker has time, tools, intent, and determination. He is willing to go the extra mile to make it past your defenses. He may even attempt social engineering to find a way beyond your perimeter defenses. He will do it quietly, though, and take care to go unnoticed. Attackers who convince your help desk to reset an account password for them are Tenacious Attackers.