External Penetration Testing
Performing an external penetration test can help identify how a potential attacker can cause threats to your system from the outside of your network.
RedDefense Global will clearly identify internal access routes from the outside. Our team of experts will assess the safety of your total external presence, including your perimeter devices, servers, applications, and encryption technology.
Once done, we will attempt to penetrate your network to thoroughly test your security measures and further detect any vulnerability in your systems.
Our focus is to thoroughly test your security measures and detect any vulnerabilities in your Internet-facing systems.
INFORMATION GATHERING AND DISCOVERY PHASE
The objective of this first step is to discover all possible connectivity points to the customer's network from the Internet. This includes,
among other things, identification of ports, services, and external interconnections with partners. At the end of this step, we will have a documented description of the environment that will be used in the external evaluation.
DETECTION – ENUMERATION PHASE
The results obtained from the information gathering and discovery phase will disclose different services and connections that are linked to different vulnerabilities. To enumerate these vulnerabilities is vital because if the system is vulnerable; it can be exploited.
IT IS THEREFORE IMPOSSIBLE TO DISSOCIATE VULNERABILITIES FROM EXPLOITS.THAT IS WHAT HACKERS DO. THEY EXPLOIT VULNERABILITIES.
At the end of this phase, we will have the most complete list of vulnerabilities on your external environment.
This phase simulates attempts to verify the exploitability of the vulnerabilities through manual exploitation.
THE PURPOSE OF THIS IS TO IDENTIFY REAL VULNERABILITIES, FIND OUT IF THE COUNTERMEASURES IN PLACE DETECT THE EXPLOITATION,
AND PROVIDE A PROCEDURE TO PATCH THE VULNERABILITIES BEFORE HACKERS EXPLOIT THEM.
During this phase we will make use of a combination of public domain and proprietary tools to provide a threat profile in the most realistic way. We have a wide range of external attack scenarios, which we will simulate.
We define in advance the results of a "successful" exploit procedure in consultation with our contact point.
These tests are closely coordinated with the client's system administrators and are programmed under their supervision.
All our findings, recommendations, and suggestions are contained in a report. They concern specific vulnerabilities, unsecured IT practices, configuration management and network design.
In addition, we offer an information session after each evaluation. The information session includes a discussion on techniques used to compromise the target system, common attacks on public systems, and a direct question and answer session with the evaluation team.
This is an essential part of our service.