Network Penetration Testing
Secure your network infrastructure by identifying vulnerabilities that could enable an attacker to subvert, disrupt or destroy your digital assets and the business services they support.
What is Network Penetration Testing?
Network Penetration Testing is a key part of the assurance lifecycle for digital systems and assets, to ensure that your network infrastructure is securely implemented and that your networked assets cannot be abused through misconfiguration or vulnerability.
The primary goal of a Network Penetration Test is to identify vulnerabilities which can be exploited by attackers targeting network devices and connecting infrastructure such as routers, switches, systems, and hosts.
Network Penetration Testing can be performed both internally and externally, targeting internal systems and infrastructure and internet-facing hosts respectively. It is designed to identify vulnerabilities that could affect the confidentiality, integrity or availability of systems and the data they process.
WHY SHOULD YOU UNDERTAKE NETWORK PENETRATION TESTING?
Penetration testing is critical to establishing a robust security baseline for your digital environments. Assuring the health of your network infrastructure and components is vital to business continuity and a core component of effective risk management, to ensure the resilience of the critical business services that your digital systems and technologies underpin.
Regularly testing your network infrastructure is essential for organisations who are reliant on digital systems and technologies in order to provide their business services. JUMPSEC recommends that all organisations who are dependent on evolving digital infrastructure incorporate regular testing into their ongoing security assurance programme to ensure an appropriate level of cyber resilience is achieved.
WHAT OUTCOMES WILL A JUMPSEC PENETRATION TEST PROVIDE?
- Complex technical risks translated into business terms demonstrating the value of cyber security investment in terms of business risk reduction.
- Enable the timely identification and remediation of vulnerabilities which could be exploited by an attacker to cause harm to your business.
- Build resilience against realistic attacker techniques by simulating the ways that a real-world attacker will target your network.
- Increase confidence in the security posture of your digital assets to build the trust of your internal stakeholders and external authorities, customers, and partners alike.
- Satisfy a range of compliance requirements with a comprehensive report detailing vulnerabilities identified and recommended remedial actions prioritised by risk.
JUMPSEC requires the number of internal and external IPs to be tested, subnets, and the number of physical locations covered to scope the test.
JUMPSEC’s network penetration test follows a phased delivery approach:
- Discovery and enumeration of live hosts, services, unpatched software, and exposed assets.
- Scanning for vulnerabilities using automated techniques, combined with manual investigation and validation of findings to determine impact.
- Identification of potential confidential information disclosure, logic flaws and insecure configurations.
- Analysis to validate and create advanced attack chains and exploits.
- Exploitation* of identified vulnerabilities to identify and demonstrate their overall business impact.
*JUMPSEC consultants assume that they are emulating a well-motivated but non-destructive external attack with minimal prior information. As such, no disruptive or destructive testing will be undertaken during exploitation. JUMPSEC will always seek approval before undertaking any activities that may result in network disruption.
The cost of a network penetration test is determined by the number of days it takes to fulfil the agreed scope of the engagement. To receive a quotation, your organisation will need to complete a pre-evaluation questionnaire. JUMPSEC experts are available to guide you through this process.
External network penetration tests target infrastructure that can be reached via the public internet by an attacker outside the organisation's network perimeter.
An external network penetration test is suitable for any organisation that has network infrastructure exposed to the public internet and needs to determine the potential cyber threat from an external attacker. The more an organisation relies on technology as an enabler, the more important it is to have an accurate measure of risk to inform security strategy.
An internal network penetration test targets digital infrastructure inside your network that cannot be directly accessed by internet-based attackers without first breaching the network perimeter.
Robust internal network security controls are an essential aspect of an organisation's security controls, limiting a malicious actor's ability to cause real harm.
Historically, organisations have focused on securing themselves from external cyber threats. However, current best practice recommends a robust internal network with layered security controls to prevent an attacker from traversing the internal network.
Organisations solely concerned with securing their perimeter often leave themselves exposed once an attacker is able to breach the perimeter. Due to the advanced nature of threats today, a persistent and motivated attacker is likely to breach any network given enough time and resources. Failing to implement suitable internal network controls can leave organisations exposed once an attacker is able to bypass controls at the perimeter.
Securing internal network infrastructure in line with a 'defence-in-depth' approach, designed to increase the difficulty and cost to an attacker attempting to traverse the internal network, can reduce the risk that an attacker who breaches the network is able to achieve their goal.
Sources of internal attacks may also include disgruntled, malicious, or negligent employees, contractors and site visitors as well as external threat actors. These individuals are likely to already possess authenticated access to the internal network with varying levels of user privilege associated with their role. Testing can therefore be conducted from the perspective of an individual with similar access to the network as an employee to evaluate the risk posed by insider threats.
We recommend that an internal network test is performed on-premises. If your organisation's network is segregated, testing may need to be conducted from different physical locations where remote access is not possible.
Where on-site deployment is not possible, JUMPSEC can work with clients to develop alternative methods of gaining internal network access, such as through the deployment of Remote Access Gateways. JUMPSEC is experienced in overcoming remote delivery challenges in a safe and secure manner.
JUMPSEC can deliver all types of network penetration testing and related assessments, including:
- Internal Network Infrastructure
- External Network Infrastructure
- Cloud Build and Configuration Review
- Host Build and Configuration Review
- OS Build and Configuration Review
- Domain Configuration Review
- Wireless Penetration Test and Configuration Review
- OT Penetration Testing
- ICS / SCADA Penetration Testing
- IoT Security Review
- Firewall Configuration Review
- Network Discovery and Asset Mapping
- Network Architecture Security Review