Know Your Options: Levels of Service for External Network Penetration Testing

by Sarah Harvey / January 31st, 2020

Thinking about hiring a firm to conduct an external network penetration test? What is an external network penetration test, and why do you need one? Or have you recently been disappointed with an external network penetration test engagement? At KirkpatrickPrice, our experienced penetration testers want our clients to walk away from each engagement knowing that they are more prepared to combat advancing cyber threats. We are committed to conducting the most realistic, thorough testing possible because when an attacker compromises your external network, it’s likely that they won’t stop there. They’ll go a step further and utilize social engineering tactics, like creating phishing emails specific to your organization, to further infiltrate your environment. That’s why we recommend knowing your options and understanding the different levels of service available for external network penetration tests.

Choosing Levels of Service for External Network Penetration Testing

Standard – External Network Penetration Testing

An external network penetration test provides insight into what an attacker outside your network could exploit. Findings might include:

  • Discovery of open ports, protocols, and services that were accidentally exposed to the Internet
  • Discovery of data leaks, such as excessively open permissions on Amazon S3 buckets
  • Identification and exploitation of old or unsupported systems. These are especially prone to compromise since exploits are more likely to be widely available
  • Identification and exploitation of unpatched or misconfigured systems. On multiple occasions, our testers have found systems with remote-code execution vulnerabilities or misconfigurations that allow passwords to be leaked, among other bugs
  • Broken encryption methods (most common on websites, but also for systems like SSH or VPN servers)

Advanced – External Network Penetration Test Plus Social Engineering

A good ethical hacker will want to utilize as many tactics as possible to discover potential vulnerabilities in an external network. That’s why our penetration testers take external network penetration tests to the next level – the advanced level. They don’t feel like they’re delivering on their work until they go the extra mile and use creative ways to exploit your external network. This typically takes the form of social engineering methods, such as phishing, to make the penetration test more realistic. An external attacker is not just interested in checking the security of your network perimeter and moving on if they don’t find anything – they’re interested in using external-facing systems (such as email) to get directly into the network. When you’re selecting a firm to conduct your external network penetration testing, consider asking them about social engineering. This provides additional value, such as:

  • Measures mentioned for external testing alone
  • Reviewing layers of security – if an employee accidentally gives away a password when phished, does this impact the external security, and how?
  • Testing security awareness of employees when it comes to email and phone
  • Evaluation of how well email protection and spam filtering measures protect users from potentially dangerous content
  • Evaluation of how well endpoint protection protects users

Because hackers are so likely to compromise environments using multiple attack vectors, we highly recommend understanding your options when it comes to levels of service and choosing an advanced level external network penetration test. This extra measure will test to ensure that all potential vulnerabilities are found. 

Case Study: Advanced External Network Penetration Test

Did you know that in 2019, 32% of breaches involved phishing, and over 60% of breaches involved the use of stolen credentials? Phishing is one of the simplest and most frequently used attack methods among malicious hackers. Educating your employees on how to identify and report such emails is essential – and it’s a skill that needs to be thoroughly tested by someone experienced in creating realistic phishing emails. Our penetration testers have executed phishing attempts that have been so convincing that 40% of IT personnel compromised their passwords.

In one engagement, a KirkpatrickPrice penetration tester performed a red team engagement on a casino and resort. In order to gain access to the network, the penetration tester sent out a phishing email that impersonated the casino’s HR department. The email stated that there was a new HR portal that employees needed to log in to and verify their personal information. If they didn’t, the phishing email threatened that a delay in payroll might occur. The penetration tester even went as far as creating a fake HR portal webpage identical to the casino’s brand and linking to it in the phishing email. With the fear of payroll being impacted, many employees (even some HR employees) clicked on the phishing link, allowing the penetration tester to obtain several sets of credentials and utilize a VPN connection to access the network of the casino. From there, they were able to compromise the entire network.

Had this casino opted to only do a standard external network penetration test, it’s likely that the phishing email never would’ve been created and the casino would have no idea that its employees so easily click on a phishing email. Instead, the casino and resort would have only received findings of things like open ports, protocols, and services that were accidentally exposed to the Internet, or unpatched or misconfigured systems, and it would be left vulnerable to more thorough hackers.

Getting the most out of your penetration test comes down to choosing the right penetration tester and knowing your options for the levels of service. If you’re in the process of selecting a firm to conduct penetration testing for your organization, let’s chat more about the different levels of service for external network penetration tests and how we can partner to get you the results you need.
