Skip to main content

Network Infrastructure Testing

Secure your network infrastructure by identifying vulnerabilities that could enable an attacker to subvert, disrupt or destroy your digital assets and the business services they support.

What is Network Infrastructure Testing?

Network Penetration Testing is a key part of the assurance lifecycle for digital systems and assets, to ensure that your network infrastructure is securely implemented and that your networked assets cannot be abused through misconfiguration or vulnerability.

The primary goal of a Network Penetration Test is to identify vulnerabilities which can be exploited by attackers targeting network devices and connecting infrastructure such as routers, switches, systems, and hosts.

Network Penetration Testing can be performed both internally and externally, targeting internal systems and infrastructure and internet-facing hosts respectively. It is designed to identify vulnerabilities that could affect the confidentiality, integrity or availability of systems and the data they process.

Why should you undertake Network Penetration Testing?

Penetration testing is critical to establishing a robust security baseline for your digital environments.

Assuring the health of your network infrastructure and components is vital to business continuity and a core component of effective risk management, to ensure the resilience of the critical business services that your digital systems and technologies underpin.

Regularly testing your network infrastructure is essential for organisations who are reliant on digital systems and technologies in order to provide their business services. JUMPSEC recommends that all organisations who are dependent on evolving digital infrastructure incorporate regular testing into their ongoing security assurance programme to ensure an appropriate level of cyber resilience is achieved.

What outcomes will a JUMPSEC Penetration Test provide?

  • Complex technical risks translated into business terms demonstrating the value of cyber security investment in terms of business risk reduction.
  • Enable the timely identification and remediation of vulnerabilities which could be exploited by an attacker to cause harm to your business.
  • Build resilience against realistic attacker techniques by simulating the ways that a real-world attacker will target your network.
  • Increase confidence in the security posture of your digital assets to build the trust of your internal stakeholders and external authorities, customers, and partners alike.
  • Satisfy a range of compliance requirements with a comprehensive report detailing vulnerabilities
  • Identified and recommended remedial actions prioritised by risk.

Get a Pen Test Quote Today

Frequently Asked Questions

What information is required to scope a Network Penetration Test?

JUMPSEC requires the number of internal and external IPs to be tested, subnets, and the number of physical locations covered to scope the test.

How is a Network Penetration Test delivered?

JUMPSEC’s network penetration test follows a phased delivery approach:

  • Discovery and enumeration of live hosts, services, unpatched software, and exposed assets.
  • Scanning for vulnerabilities using automated techniques, combined with manual investigation and validation of findings to determine impact.
  • Identification of potential confidential information disclosure, logic flaws and insecure configurations.
  • Analysis to validate and create advanced attack chains and exploits.
  • Exploitation* of identified vulnerabilities to identify and demonstrate their overall business impact.

JUMPSEC consultants assume that they are emulating well motivated but non-destructive external attack with minimal prior information, as such no disruptive or destructive testing will be undertaken during exploitation. JUMPSEC will always seek approval before undertaking any activities that may result in network disruption.

How much does a Network Penetration Test cost?

The cost of a network penetration test is determined by the number of days it takes to fulfil the agreed scope of the engagement. To receive a quotation, your organisation will need to complete a pre-evaluation questionnaire. JUMPSEC experts are available to guide you through this process.

What is an External Network Penetration Test?

External network penetration tests target infrastructure that is accessible by an attacker outside the organisation’s network perimeter which can be reached via the public internet.

Who is an External Network Penetration Test suitable for?

An external network penetration test is suitable for any organisation that has network infrastructure exposed to the public internet and needs to determine the potential cyber threat from an external attacker. The more an organisation relies on technology as an enabler the more important it is to have an accurate measure of risk to inform security strategy.

What is an Internal Network Penetration Test?

An internal network penetration test targets digital infrastructure inside your network that cannot be directly accessed by internet-based attackers without first breaching the network perimeter.

Why do I need an Internal Network Penetration Test?

Robust internal network security controls are an essential aspect of an organisations security controls in order to limit a malicious actor’s ability to cause real harm.

Historically, organisations have focused on securing themselves from external cyber threats. However, current best practice recommends a robust internal network with layered security controls to prevent an attacker from traversing the internal network.

Organisations solely concerned with securing their perimeter often leave themselves exposed once an attacker is able to breach the perimeter. Due to the advanced nature of threats today, a persistent and motivated attacker is likely to breach any network given enough time and resources. Failing to implement suitable internal network controls can leave organisations exposed once an attacker is able to bypass controls at the perimeter.

Ensuring internal network infrastructure is secured in line with a ‘defence-in-depth’ approach designed to increase the difficulty and cost to an attacker attempting to traverse the internal network can reduce the risk of an attacker who is able to breach the network being able to achieve their goal.

Sources of internal attacks may also include disgruntled, malicious, or negligent employees, contractors and site visitors as well as external threat actors. These individuals are likely to already possess authenticated access to the internal network with varying levels of user privilege associated with their role. Testing can therefore be conducted from the perspective of an individual with similar access to the network as an employee to evaluate the risk posed by insider threats.

Can an Internal Network Penetration Test be performed remotely?

We recommend that an internal network test is performed on-site. If your organisation’s network is segregated, testing may need to be tested from different physical locations where remote access is not possible.

Where on-site deployment is not possible JUMPSEC can work with clients to develop alternative methods of gaining internal network access such as through the deployment of Remote Access Gateways. JUMPSEC is experienced in overcoming remote delivery challenges in a safe and secure manner.

What types of Network Penetration Test can you deliver?

JUMPSEC can deliver all types of network penetration testing and related assessments, including:

  • Internal Network Infrastructure
  • External Network Infrastructure
  • Cloud Build and Configuration Review
  • Host Build and Configuration Review
  • OS Build and Configuration Review
  • Domain Configuration Review
  • Wireless Penetration Test and Configuration Review
  • OT Penetration Testing
  • ICS / SCADA Penetration Testing
  • IOT Security Review
  • Firewall Configuration Review
  • Network Discovery and Asset Mapping
  • Network Architecture Security Review

Achieve the cyber security outcomes you need.

We work to enable effective cyber security for our clients; helping them to future proof their cyber defences and realise genuine improvement over time.