What Does Penetration Testing Do and Why Is It Important?
Everyone says an organization should conduct a penetration test. But some companies don’t care about it. Some people are not sure how often to a conduct a penetration test. Let’s just step back and go over why should a company be serious about a penetration test.
A penetration test gives you really a look at reality. We can say that there’s 20,000 vulnerabilities on your network, but really what does that mean? A penetration test really validates that a threat actor can actually get in and see inside your network. It shows really how far the attacker could get because it is an attack simulation.
By performing a simulated attack on your network, you gain insight into how much access to internal data an attacker could obtain. This presents powerful perspective that can help make better decisions in protecting against real-world threats.
There are different types of penetration tests. There’s external penetration tests and internal penetration. Yes, I think there’s real validity to both types. A lot of people really focus on just the external. That’s really an old school mentality, because doing just an external test assumes there’s no other way into your network. Let’s look at what the two types are.
External Penetration Tests
An external penetration test is the test that can help identify vulnerabilities in your system that could be exploited from the outside. It does not address the risk of an attacker gaining access to your network through other means. Conducting only an external penetration test is not sufficient to adequately protect your network from potential threats.
For instance, an attacker could use stolen credentials to access your network through a virtual private network (VPN) or could leverage a phishing attack to obtain valid login credentials. Alternatively, an attacker could successfully infiltrate your system through a back door or by exploiting a vulnerability in your Exchange Server using a brute force attack. To properly safeguard your network, it is important to not only conduct an external penetration test, but also conduct an internal penetration test.
An external penetration test is certainly valuable for discovering vulnerabilities in web servers, Exchange Servers, and other network components that may have been overlooked. However, it does not provide a full picture of security risks as the assessment is restricted to what an outside attacker can see from beyond your perimeter. An external penetration test is missing 90% of the picture.
Internal Penetration Tests
Why have the internal penetration test? An internal penetration test is actually more relevant these days because most attacks aren’t just happening because a brilliant hacker is hacking your specific website or server. Most of the time an attack happens, it’s because the attacker has your credentials. They’ve actually phished you and they’re getting in through your VPN. The attacker is getting in through your remote desktop. They’re actually able to get into your network. So, when we say they are “hacking in”, they’re really just logging in right. That exactly the new way of hacking is logging in.
How do they get to log in? Let’s say I stole your credentials, and I did some research and found out that okay vpn.whateveryourcompany.com is a valid host and I can try VPNing to that or I do a DNS reconnaissance and I find out how I can remote in. Or I find some service that I can log in as a user through. Whether it’s you know some web service, SharePoint, or whatever and I can gain access to your network as a user with those creds.
Once I’m in as that user, that is when the internal penetration test matters. An internal penetration test can discover how far I could get. If you’re following best practices, most of your users aren’t administrators so you’re logging in with a normal user. So if I’m logged in with a normal user, how far in my in your network can I do go what kind of devastation can I create?
The internal penetration test is not only for logged in users, but also important for other vulnerability. Let’s say somebody did come in through an unpatched vulnerability and you know from the external got into your network. Now what can they see and what they can affect once they’re in your network. Once they’ve you know actually gained foothold in your network, what are they able to do? That’s really where the internal and test is important.
Get Started for Free
Airiam is providing a free internal penetration test to organizations to demonstrate the vulnerabilities present in their systems. By identifying these gaps, companies can take action to address them using their own resources and technology, or by utilizing Airiam’s cyber resilience solutions such as AirGuard™ for managed security or AirCTRL™ for IT management. By taking proactive steps to identify and address vulnerabilities, companies can improve their overall cyber resilience.