NETWORK PENETRATION TESTING

WHAT IS A NETWORK PENETRATION TEST?

Network Penetration Testing is a simulated, real-world cyber attack used to identify vulnerabilities and exploit those vulnerabilities before the attackers compromise critical data. This risk assessment is a proactive mitigation service that reveals, or confirms, the security posture of the tested system.

Network Penetration Testing is one of the most popular methods of testing the effectiveness of a cyber defense system. This is usually performed by a competent group of security professionals who attempt to penetrate your networks using any data obtained from a vulnerability assessment. Since this simulates a real-world attack, it is considered the best test for any security infrastructure.

There are a few key features that separate Penetration Testing from other types of testing:

  • Exploiting Vulnerabilities: Although Vulnerability Assessments are aimed at finding vulnerabilities, penetration testing takes it a step further. Security professionals purposely try to exploit vulnerabilities to gain unauthorized access to the targeted networks and systems. This exposes the real-world risk of the vulnerabilities identified and ensures that the organization is never caught off-guard.
  • Additional Manual Testing: Building upon the VA results, penetration testing goes further by working to determine the depth of risk associated with security issues. Information Security experts manually test and exploit security issues to illustrate the damage that may result from a real-world attack.
  • Deeper Scope: While other types of testing are done to find problems and fix them, penetration testing is performed to find problems and exploit them. So, penetration tests tend to have a much deeper scope than Vulnerability Assessments.

The Supervisory Control and Data Acquisition and Industrial Control Systems (SCADA/ICS) Test is a specialty pen test.


BENEFITS

Benefits of a Network Penetration Test performed by RedLegg include:

INSIGHT:

Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.


PENETRATION TESTING METHODOLOGY

The RedLegg methodology for conducting Network Penetration Tests is based on a proven track record of providing high-quality results and detailed corrective actions that can help lower the overall risk of the tested environment. Each assessment, however, is a specialized event unique to each client and application.

RedLegg has developed a robust assessment methodology that maximizes technical results while minimizing the impact on the tested environment. Although this methodology has been customized, it is based on proven industry best practices from the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), and the Penetration Testing Execution Standard (PTES).


PHASE 1:
RECON

During this phase, RedLegg will generate threat intelligence, research open-source intelligence (OSINT) available about the organization, and enumerate the network to discover ports, services, and potential attack vectors for use during testing. Techniques that may be run during the engagement (none of which is mandatory) include:

  • WHOIS searches
  • NMAP scanning
  • Nessus scanning
  • Burp Suite scanning
  • Arachni scanning
  • Nikto scanning
  • Zone transfers
  • DNS brute forcing
  • SNMP enumeration
  • Email harvesting
  • Metadata harvesting
  • Banner grabbing
  • SIP enumeration
  • IKE enumeration

PHASE 2:
VALIDATION

RedLegg will validate the reconnaissance findings to determine whether each vulnerability actually exists and is actionable. Any finding confirmed to be a false positive will be removed from the test during this phase.

PHASE 3:
THREAT MODEL

RedLegg will create a threat model of the organization based on the Client vertical and any discovered threat intelligence affecting the organization.

PHASE 4:
ATTACK PLAN

RedLegg will create an Attack Plan based on the generated threat model for the organization, and the information discovered during Phase 1 and validated during Phase 2.  This plan will focus, as a priority, on in-scope attack techniques that are more likely to be leveraged against the organization.

PHASE 5:
EXPLOITATION

RedLegg will attempt to gain a foothold on an exploitable system based on the Attack Plan.  RedLegg will leverage any footholds to achieve the mutually understood Client testing objective. 

PHASE 6:
DELIVERABLE CREATION

RedLegg produces three deliverables detailing the results of the assessment: the Penetration Testing Report, a spreadsheet of the discovered vulnerabilities, and a package containing the raw data from the penetration test.

PHASE 7:
DEBRIEFING

Once the deliverables have been received, RedLegg will schedule a debriefing meeting to discuss the results of the assessment.  During this phase, RedLegg will work with the Client to determine any necessary changes to the report.

PHASE 8:
RETESTING (OPTIONAL)

Within 90 days of the findings meeting, RedLegg can perform two types of retesting.  The first type tests the remediation of any discovered and reported vulnerabilities that the Client says are now remediated.  Any tested items found to be remediated will be updated with that information in the report.  The second type is a full retest of the network scope to determine if any fixes have created new vulnerabilities.


SEVERITY RATINGS DESCRIPTION

RedLegg’s analysis process evaluates the risk, ease of exploitation, availability of an exploit, and likelihood of exploitation for a given finding to determine its severity rating. This determination may result in ratings that differ from those produced by CVSS or automated tools. RedLegg uses the following severity ratings:

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
  • INFORMATIONAL

CRITICAL

Exploitation of a Critical vulnerability could allow code execution without user interaction.  These scenarios include self-propagating malware (e.g. network worms), or unavoidable common-use scenarios where code execution occurs without warnings or prompts.  This could mean browsing to a web page or opening email.

Critical issues should be addressed immediately.

HIGH

Exploitation of a High vulnerability could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.  These scenarios include common-use scenarios wherein the Client is compromised with warnings or prompts regardless of the prompt's provenance, quality, or usability.  Sequences of user actions that do not generate prompts or warnings are also covered.

Issues rated as High should be addressed at the earliest opportunity.

MEDIUM

The impact of a Medium vulnerability is mitigated to a significant degree by compensating controls such as authentication requirements or applicability only to non-default configurations.

Consider applying these security updates in accordance with corporate patching and/or maintenance.

LOW

Low vulnerabilities are comprehensively mitigated by the characteristics of the affected component.  Evaluate whether to apply the security update or mitigating control to the affected systems.

INFORMATIONAL

Anything that does not fit into the categories above, but that the customer should still be made aware of, is rated as Informational.  There are not always solutions or recommendations for Informational findings, as there may be no resolution.  If there is a risk of negative impact, the finding is not rated as Informational.


OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the market place, attack vectors, and protection mechanisms.

