SureCloud’s external network penetration testing incorporates infrastructure-level targeting of your organisation’s exposed network, which may include specific network addresses or ranges (governed by IP addresses or hostnames), alongside information that is discovered freely on the public internet.
The external phase starts with reconnaissance, where our cybersecurity team performs both passive and active detection of available network services, such as using search engine results and network scanners. It is often found where organisations are not aware of the information available online where search engines have cached information that should not be publicly accessible.
Further steps along in our methodology also consist of more active measures such as port and vulnerability scanning which can identify vulnerable services that are accessible and facing the internet (for example a database server), with manually-led and creative exploitation of any of these exposed services. The overall aim of an external penetration test is to demonstrate what an attacker with no prior knowledge of the organisation can gain from the perimeter infrastructure.