Network Penetration Testing
A Network Penetration Test evaluates the effectiveness of your network security by simulating an attack. The objective is to gain unauthorised access to the targeted network and devices deployed within. Effective network penetration testing shows if and how this can be achieved given the current network device configuration and security controls deployed.
Network penetration testing is an art. The art of thinking like an attacker – identifying and exploiting vulnerabilities that would allow access. The key to penetration testing is to clearly identify the testing objectives before starting. For instance, if you are testing to ensure that unauthorised access to your network cannot be achieved, this objective should be clearly stated in the testing scope and addressed in the report of findings.
Get a QuoteSpecific information and communication technology (ICT) requires specific testing objectives methodologies and tools. Risk Crew provides network penetration testing services for:
- Local area network (LAN)
- Wide area network (WAN)
- Wireless
- Payment Card Industry (PCI) payment card
- Supervisory Control & Data Acquisition (SCADA)
- Critical National Infrastructure (CNI)
- Internet of Things (IoT)
Risk Crew’s testing is scoped to meet your specific business or compliance requirements and we issue “Testing Certificates” to enable your business to produce evidence of compliance if required.
Phases of a Network Penetration Test
Network penetration testing from our team is comprised of seven key phases:
01 | Pre-engagement
Confirming test scope, network design and configuration details, specific testing goals and objectives, compliance requirements, testing times, points of contact and rules of engagement.
02 | Reconnaissance
Identifying all publicly available information and all points of access to the target network.
03 | Threat Modeling
Identifying all devices associated with the target network and associated hardware, operating systems and software security vulnerabilities associated with these devices.
04 | Exploitation
Manually exploiting the identified vulnerabilities to gain access to the devices. Expanding and escalating access privileges if obtained.
05 | Post Exploitation
Determining the impact on target assets. Validating vulnerability risk ratings against business impact and removing scripts, accounts or files implemented during testing.
06 | Reporting
Detailing findings and remedial recommendations from our network penetration test.
07 | Retesting
Verifying vulnerabilities identified during testing have been appropriately remediated.
What is Included in Our Network Penetration Testing Service?
Risk Crew’s service provides a comprehensive report that details the network security vulnerabilities identified and specific actions for remediation, followed by a courtesy workshop and on-call assistance.
Detailed Report
The report details specific vulnerabilities identified during the penetration test, how they were identified, methods and tools used to identify them, and visual evidence if applicable. The report shall indicate a security vulnerability risk rating for risk reduction references.
Stakeholder Workshop
The report is presented in a workshop with applicable business stakeholders to ensure their understanding of the findings and the risks associated with hosting the business information assets on the platform.
On-call Security Advice
We provide advice and assistance for 30 days following the report submission and answer any questions that arise from implementing remedial actions and ensuring risk reduction.
Retesting Included
We offer retesting to verify remedial actions were effective. Upon completion of the network penetration test, we’ll provide you with a summary report verifying remedial measures have been implemented.
Transparent Pricing
Our fixed pricing services come with no unexpected added costs. Additionally, we offer a managed service to conduct penetration testing on a continual basis.
Customer Promise
Risk Crew provides an unparalleled penetration testing solution covered by a 100% satisfaction guarantee.
What Are The Benefits Of Network Penetration Testing?
Our Network Penetration Testing service assesses the effectiveness of the security controls and configurations deployed on your business systems to prevent unauthorised access. The Risk Crew Network Security Penetration Service will confirm the robustness of your current:
✓Firewall ruleset
✓Virtual private network (VPN) security configurations
✓Identity management controls
✓Systems security administration program
✓Incident identification capability
✓Remote access authentication controls
✓Intrusion detection or prevention controls
✓Vulnerability assessment & remediation program
✓Change control procedures
✓Incident response plans & procedures
Additionally, where relevant, our network penetration testing service entails the formal review of your cloud provider service level agreement (SLA) and provides recommendations for enhancing the security associated with your service.
Why Choose Risk Crew For Your Network Penetration Testing?
Risk Crew are industry leaders in designing and delivering comprehensive internal and external network penetration testing.
Our experienced security testing engineers implement detailed methodologies using proprietary and open-source tools. This ensures they can effectively assess your business’s capabilities to detect and mitigate attacks against your business systems. All security testing engineers are thoroughly vetted and subject to in-depth professional, criminal, and credit records checks.
All security testing engineers are thoroughly vetted and subject to in-depth professional, criminal and credit records checks.
When you choose Risk Crew, you’re electing to work with qualified penetration testing experts.
Best Practice
Risk Crew follows penetration testing best practices including OWASP and NIST
Accredited
Engineers carry CREST, C√SS, C│EH and GIAC credentials
Certified
Engineers hold CISSP, CISM and CRISC certifications
Subject Matter Experts
Risk Crew engineers are SMEs with published articles in industry journals & magazines
Find out how Risk Crew can help you meet your specific network security business or compliance requirement.
Request a Security Testing Quote
Our experts will contact you to discuss your specific requirements
Frequently Asked Questions
What is white box security penetration testing?
White-box security penetration testing is an approach wherein testers possess full-knowledge of the target systems design, configuration and functionality, often understood as a “developer’s perspective” of the target systems.
What is black box security penetration testing?
Black box security penetration testing is an approach wherein testers possess zero-knowledge of the target systems design, configuration and functionality, often understood as a “hacker’s perspective” of the target systems.
What is grey box security penetration testing?
Grey box security penetration testing is an approach wherein testers possess limited-knowledge of the target systems design, configuration and functionality, often understood as a “users’ perspective” of the target systems.
What is a denial of service (DoS) attack?
A denial of service (DoS) is an attack wherein the attackers attempt to prevent legitimate users from accessing the system or service. In a DoS attack, for example, the attacker sends an extreme number of messages flooding the target with authentication requests from invalid return addresses causing a shutdown.
What is the difference between a Denial of Service (DoS) and a Distributed Denial of Service (DDoS) attack?
A DoS attack is unlike a DDoS attack. In a DoS, an attacker uses one computer (and an Internet connection) to flood a targeted system or service with false authentication requests. In a DDoS, an attacker uses multiple computers (and Internet connections) to flood the targeted system of service making it harder to identify the source and shut down the flooding attack.
How should you prepare for Network Penetration Testing?
When preparing for a new penetration test, ensure that all reported vulnerabilities in previous tests, such as missing patches, are fixed to reduce vulnerabilities found during the test. You should also activate processes that are stated in incident response handling policies. The test can help you identify weaknesses in these policies and can help to improve them. To find out more, read our blog post on how to prepare for network penetration testing.