External and Internal Testing: What's the Difference?

August 12, 2023

Securing your organisation using policies and technical controls is critical; however, unless these controls and policies are regularly tested, an organisation cannot determine or monitor their effectiveness. It seems as though every week there is a new cyber attack reported that may affect just one organisation or multiple organisations simultaneously.

The importance of penetration testing

Building strong security controls and processes is essential to building effective defences. By engaging in penetration testing, you can test and improve the controls and processes you already have in place to help build an effective and strong defence-in-depth cybersecurity posture.

External & internal infrastructure penetration testing

Infrastructure penetration testing simulates attacks against specific network assets to determine business risk and financial impact should a vulnerability be identified and exploited by an attacker.

At Secora Consulting, we carry out tests on a wide variety of infrastructure types, the most common being External and Internal Infrastructure penetration testing, which we are going to discuss in this blog.

External infrastructure penetration test

External infrastructure penetration testing is a practice that assesses the externally facing assets of an organisation.

During an external penetration test, the assessor attempts to gain entry into the internal network by leveraging vulnerabilities discovered on the external assets. Alternatively, the tester may attempt to gain access to privileged data through external facing assets such as email, websites and file shares.

Scoping an external infrastructure penetration test

During the test, Secora Consulting will perform reconnaissance, gathering intelligence on all assets in scope. This intelligence can include open ports, vulnerabilities, information on your organisation that may be available online, and general information about the organisation’s users for password attacks.

We will undertake a comprehensive and systematic approach, using realistic attack vectors your organisation might be subjected to, in order to determine how a malicious attacker could externally compromise your network and critical systems.

Internal infrastructure penetration test

Internal infrastructure penetration testing continues the assessment by helping to identify how far an attacker can move laterally through your internal network. An attacker could gain access to your internal network in numerous ways, either by breaching the external network, obtaining a copy of staff login credentials, or in some cases the attacker could be a staff member intentionally or unintentionally performing malicious activities.

Scoping an internal infrastructure penetration test

During an internal penetration test, Secora Consulting’s testers will either leverage the exploited host computer/machine from an external penetration test, or use a testing host computer/machine or laptop on the inside of the network to conduct the assessment.

How an internal infrastructure penetration test works

Internal reconnaissance and attacks are launched from this initial point. While a poorly secured domain controller may lead to total control of the network at this point, most tests require multiple attack paths to achieve their testing objectives. This method often includes exploiting less-important systems, and then leveraging information found on these systems to attack the more mission-critical systems in the network.

We use our proven methodology to identify how susceptible your organisation is to a breach across your internal network. We will evaluate how a malicious attacker or rogue staff member could internally compromise your network and critical systems.

Conclusion

Given the recent high-profile breaches, securing your organisation with robust policies and technical controls is not just a necessity, it’s an ongoing commitment. The alarming frequency of cyber attacks highlights the urgent need for organisations to not only implement these measures but also to regularly test their effectiveness. Penetration testing serves as a vital tool in this process, offering a proactive approach to identify and strengthen potential vulnerabilities in both external and internal infrastructures. By simulating realistic attack scenarios, Secora Consulting provides invaluable insights into how an attacker could compromise your network, allowing for the continuous improvement of your cybersecurity posture. It’s crucial for organisations to recognise that security is not a one-time setup but a continuous process of evolution and reinforcement. We urge all organisations to prioritise regular penetration testing as a key component of their security strategy, ensuring a robust defence against the ever-evolving landscape of cyber threats.
