Securing business data

Internal & External Penetration Testing

Secure From Internal Attacks 

Internal penetration tests are designed to emulate the risk of an attacker who has penetrated the network defences, or someone with access who wishes to escalate it, e.g. a contractor, non-IT staff, temporary staff, etc.

At CNS we're experts in providing a rigorous, end-to-end testing process to ensure that our clients' networks are totally secure from internal attacks.


Internal Penetration Testing Service Description

Once on site, we will connect testing laptops to the network and begin testing. Typically the issues identified can be broken into three types:

Patching - Patching is a huge issue and often some boxes or applications are forgotten.

Passwords - Users and systems will often have weak, guessable or plain silly passwords.

Policy - Build standards and policies are often weak, allowing unnecessary applications or access.

Any of these could be exploited by a hacker to gain access to a host, whereby privileges may be escalated or access granted. The methods used for each test will be different, depending on the network, organisation and type of environment.

All testers will have read and understood the scope before starting any testing. Before anything is touched, any systems ruled out of scope should be null routed or otherwise made inaccessible. Pre-test meetings are also commonplace when arriving on site, mainly to reassure the client and reiterate the scope of the works, to ensure nothing goes wrong and that certain hosts remain untouched.
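One way to back up the scope check described above with tooling before any discovery traffic is sent, as an added example (not CNS's own tooling). The address ranges, sample targets and function names are constructed for illustration.

```python
"""Scope guard: split candidate targets into allowed, excluded, unknown, invalid."""
import ipaddress

# Constructed sample scope using private (RFC 1918) ranges; not from the page.
IN_SCOPE = ["10.20.0.0/16", "192.168.50.0/24"]
OUT_OF_SCOPE = ["10.20.30.0/24", "10.20.99.5/32"]  # e.g. hosts the client ruled out


def _networks(cidrs):
    # strict=False tolerates host bits being set, e.g. "10.20.30.7/24"
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def classify_targets(candidates, in_scope, out_of_scope):
    """Return (allowed, excluded, unknown, invalid) lists of address strings.

    Exclusions always win over inclusions, so a host inside an in-scope
    range that has been ruled out is never returned as allowed.
    """
    allow, deny = _networks(in_scope), _networks(out_of_scope)
    allowed, excluded, unknown, invalid = [], [], [], []
    for raw in candidates:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            invalid.append(raw)        # hostnames or typos need manual review
            continue
        if any(addr in n for n in deny):
            excluded.append(str(addr))
        elif any(addr in n for n in allow):
            allowed.append(str(addr))
        else:
            unknown.append(str(addr))  # not mentioned in the scope at all
    return allowed, excluded, unknown, invalid


if __name__ == "__main__":
    # Constructed candidate list, e.g. merged from a client-supplied host list.
    sample = ["10.20.1.15", "10.20.30.44", "10.20.99.5",
              "172.16.4.2", "fileserver01", "192.168.50.200 "]
    allowed, excluded, unknown, invalid = classify_targets(
        sample, IN_SCOPE, OUT_OF_SCOPE)
    print("test:", allowed)
    print("do not touch:", excluded)
    print("query with client:", unknown)
    print("resolve manually:", invalid)
```

Addresses that fall outside both lists are reported separately rather than silently tested or dropped, so they can be raised at the pre-test meeting.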

Upon starting testing, the first task to complete is always host discovery. By doing this we aim to map the entire network and highlight any potential targets for attacking later on in the process. Hosts to attack can also be provided by the client, along with any network maps etc. This should be used as a guideline only to speed up discovery; it is also useful if the client has specific hosts they want targeted and have a particular interest in. Such documentation, however, is somewhat restrictive, tends not to produce the best quality of test in terms of completeness, and should not be relied on.

The port scanning phase follows and often targets the systems discovered in the previous step. Every externally available service on a host will have a port assigned to it; by enumerating the open ports we can locate services that are likely to be good targets to attack, such as Telnet, SSH, web servers, SMB services etc.

Vulnerability scanning follows this step and aims to highlight any obvious attack vectors and vulnerable services. This is usually viewed as a backup to manual testing or as a method of gathering the "Low Hanging Fruit". Manual testing and further investigation of the issues and hosts highlighted in the previous steps follows, with the general goal of exploiting an issue or, in some cases, several issues. This is either done manually (in the case of brute forcing, default passwords or exploits that are not widely known) or by using an exploit framework such as Metasploit, which holds a number of common pre-built exploits.

Remote Access Testing

Most organisations have embraced mobile and remote working, and/or they have third parties who need to connect to their systems (suppliers, support companies etc). These are gateways into your organisation and it is vital they are tested regularly to ensure they are secured, only allowing authorised individuals the appropriate level of access. CNS will evaluate the security of VPN, RAS and dial-in solutions from an unauthorised perspective (an attacker on the internet), from an authorised perspective (an average user) and through a configuration review.


The External Penetration Testing Experts

Manual Infrastructure Testing

Virtually all organisations will have at least one internet connection, often several, and they will usually be running services on them such as VPNs, email, webmail, web servers etc. All of these are attractive targets to attackers. It is important to understand that organisations are constantly under attack.

It should be noted, though, that it might not specifically be the organisation that is targeted. Many attackers will simply scan the internet to identify vulnerable targets and attack them, rather than mounting specific targeted attacks against an organisation (though this still occurs, particularly for high-profile organisations).

It is vital that organisations understand the level of risk they are exposed to, reduce it where possible and manage the required risks. CNS can help evaluate and manage this risk through an external penetration test.

Service Description

An external infrastructure penetration test involves a full port scan of TCP and UDP ports of public IP addresses from one of CNS Group's servers. This is followed up by a vulnerability scan of services found to be running on open ports. Vulnerability scans will first be performed with specialist scanners; however, if certain services are discovered, other tools and scripts will be applied that are more specific to that service. The scanners we use are capable of finding a number of common vulnerabilities, such as version numbers displaying in services, default passwords, and insecure protocols.

Once all IP addresses are scanned and services identified, CNS testers will manually connect to each service and test for further vulnerabilities. For instance, if an FTP server is discovered, a tester will attempt a limited brute-force of username / password combinations, based on commonly used values or those relating to the client name. In the case of a web application being discovered, the tester will conduct a small unauthenticated Web Application Test for common vulnerabilities such as SQL Injection or Cross-site Scripting.
