In its most basic form, a penetration test is an engagement in which a skilled ethical hacker is contracted to attempt to break into your organization and tell you what to fix. This will hopefully prevent a malicious actor from doing the same thing. With that being said, there are many different types of penetration tests: external, internal, web application, and so on. To make matters more confusing, there is a lot of overlap between them. In this blog, we will explore the various types of penetration tests and what questions they answer. Let’s dive in.
External Penetration Test
An external penetration test is one of the most common types of penetration tests. In this type of test, an engineer will attempt to break into your organization from the Internet, through the devices listening on your network perimeter. This commonly includes firewalls, web servers, SSH consoles, etc. The engineer will scan your perimeter to try to identify all the systems, including systems that you may have forgotten about or systems that are not supposed to be visible from the Internet. Following identification, the engineer will probe every service and try to identify vulnerabilities that may allow remote access, disclose sensitive information, or lead to further attacks. Finally, any vulnerabilities discovered will be exploited in an attempt to gain access to your environment and demonstrate the risk.
Social Engineering Engagement
Similar to an external penetration test, this type of test involves an engineer on the Internet trying to gain access to your environment. However, a social engineering engagement targets your employees. This type of testing involves sending emails or calling employees to try to get them to divulge sensitive information or perform an action that gives the attacker access to the network. We typically find that even when a company performs very well on an external penetration test, their employees will bypass all of those protections by clicking on a link they shouldn’t have. That is why we think social engineering engagements are so important.
Internal Penetration Test
An internal penetration test is designed to test the risk of a malicious insider or an attacker who successfully gains access to your network. In an internal penetration test, an engineer will start with a laptop on your network, but no permissions or accounts. From that position, the engineer will try to elevate their permissions, with the ultimate goal of achieving domain administrator-level access. Once this level of access is achieved, the engineer will continue to attempt to uncover sensitive data (credit card, PHI, etc.) in order to demonstrate the risk.
Web Application Penetration Test
A web application penetration test has some overlap with some of the other types of testing already mentioned. During an internal or external penetration test, if the engineer uncovers a web application, they will perform some light web application testing to try and gain access to the application. A web application penetration test is more focused and more in-depth. When performing a web application penetration test, the engineer will first start as an unauthenticated user and attempt to gain unauthorized access. However, even if they cannot gain access, the engineer will be provided with accounts for each role in the application, allowing them to more thoroughly test the authenticated portion of the application. Once inside the application, the engineer will attempt to elevate permissions, perform parameter tampering, or other types of attacks that can only be performed once authenticated.
Physical Penetration Test
A physical penetration test involves an engineer physically trying to gain access to your office or building. In a physical penetration test, an engineer will attempt to steal RFID badges, piggyback in behind employees, trick motion sensors, or perform social engineering to gain physical access to your location. Once inside an organization, the engineer will try to gain access to the network, discover sensitive files, harvest passwords from employee work spaces, breach data centers, etc.
Wireless Penetration Test
A wireless penetration test evaluates the wireless networks of your organization. First, an engineer will try to gain access to your wireless networks. This includes capturing the WPA2 key and attempting to brute-force it, cracking the WEP key, or setting up rogue devices to try to trick users into providing authentication credentials. Once access is achieved, the engineer will test for client isolation and ensure that your wireless network is properly segmented (i.e. does your guest network have access to your sensitive internal servers?). Finally, the engineer will search your organization for rogue access points on the network.
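To make the rogue access point and weak-encryption checks from the wireless section concrete, here is an added example (not from the original post) that compares a wireless survey against an inventory of authorized access points. The inventory, the survey rows, and the `on_wired_lan` column (assumed to come from matching access point MAC addresses against your switch tables) are all constructed for illustration.

```python
import csv
import io

# Constructed inventory of authorized access points (hypothetical values).
AUTHORIZED = {
    "CorpNet": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                "security": "WPA2-Enterprise"},
    "CorpGuest": {"bssids": {"aa:bb:cc:00:00:10"}, "security": "WPA2-PSK"},
}

# Constructed survey export; the column names are assumptions for this example.
SURVEY_CSV = """ssid,bssid,security,on_wired_lan
CorpNet,aa:bb:cc:00:00:01,WPA2-Enterprise,yes
CorpNet,de:ad:be:ef:00:99,OPEN,no
CorpGuest,aa:bb:cc:00:00:10,WEP,yes
PrinterSetup,12:34:56:78:9a:bc,OPEN,yes
CoffeeShop,66:55:44:33:22:11,WPA2-PSK,no
"""

WEAK = {"OPEN", "WEP"}  # settings that should never appear on your own networks


def classify(row):
    """Return the list of findings for one surveyed access point."""
    ssid, bssid, sec = row["ssid"], row["bssid"].lower(), row["security"]
    wired = row["on_wired_lan"] == "yes"
    known = AUTHORIZED.get(ssid)
    findings = []
    if known:
        if bssid not in known["bssids"]:
            # Your SSID broadcast by hardware you do not own.
            findings.append("impersonates-authorized-ssid")
        elif sec != known["security"]:
            # Your own AP, but not configured as the inventory says.
            findings.append("security-drift")
    elif wired:
        # Unknown SSID, yet the device is plugged into your network.
        findings.append("rogue-ap-on-lan")
    if sec in WEAK and (known or wired):
        findings.append("weak-encryption")
    return findings


def audit(csv_text=SURVEY_CSV):
    """Map each flagged BSSID to its findings; clean rows are omitted."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = classify(row)
        if findings:
            report[row["bssid"].lower()] = findings
    return report
```

Neighboring networks that neither use your SSIDs nor sit on your wired network, such as the constructed `CoffeeShop` row, are deliberately left out of the report.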