It’s important to know your organization’s vulnerabilities and how attackers might exploit them. External network pentesting is one way to do so, by actively assessing the security of an organization’s perimeter infrastructure that is directly accessible from the internet. This is done to pinpoint potential areas of opportunity for attackers to gain sensitive information and compromise business-critical infrastructure.
External networks include the server, the VPN login, a webmail portal, and any portals that can be accessed from a web browser. During an external network pentest, Cobalt’s pentesters use real-world attack vectors and tools to attempt to compromise external systems and gain access to sensitive information or systems.
Types of External Pentests
Black Box: No access is given prior to the test.
White Box: Specific access is given during an external network pentest.
Gray Box: No access is given to start, but some access is given after certain tests are performed.
Further, these details can be included in the scope of the desired pentest with gray box and white box testing:
- Network diagrams
- Infrastructure diagrams
- Accounts (even temporary accounts for pentests)
- User information
Any information provided about the system being tested is useful for pentesters. The more opportunity and ability there is to figure out the software that someone's web server is running, the more effective it is to find exploits specifically related to that version of the software rather than trying a variety of exploits to see what sticks.
Cobalt can meet customers where they want us to be. However, if customers are looking for maximum impact and/or a white-box test, here's what we recommend when preparing the test’s scope:
- Determine the assets to test, such as which parts of the external network
- Determine the IP addresses that go with those assets
- Present those IP addresses as the scope
It’s important to ensure the provided IP addresses actually belong to the company, and also alert any third-party vendors related to those assets. To increase the value of external assessments, monitoring public IPs from which attacks are sometimes conducted can be helpful to better identify and respond to future attacks.
When it comes to the typical list of things Cobalt pentesters check during an external network pentest, they follow frameworks and best practices such as OWASP, ASVS, or OSSTMM. Typically port scanning activities are performed, followed by the search for web servers. Determining the software and version in use for each service is also helpful in identifying misconfigurations or vulnerabilities.
Common Vulnerabilities
Here are the top 3 most common vulnerability findings and fixes for external network pentests from the State of Pentesting 2021:
1. Components With Known Vulnerabilities: Outdated Software
Version An attacker could search databases of documented vulnerabilities to find information about exploiting one of these outdated pieces of software. Keep all software up-to-date, especially if a known vulnerability or weakness associated with an older version exists.
2. Server Security Misconfiguration: Insecure SSL
When a web application sends sensitive information (passwords, credit card details, Social Security Numbers, or other types of PII, for example) it should send this information encrypted. Meaning that it uses complex ciphers to make that data unreadable to anyone other than the intended recipient, and uses secure Transport Layer Security (TLS) protocols to send that information securely. Use only the most up-to-date TLS protocols.
3. Server Security Misconfiguration: Insecure Cipher Suite
Insecure Cipher Suite is the method by which secured data is encrypted. Ciphers are used to encrypt information and make it impossible to read without knowing the cipher itself. To prevent this vulnerability, create a shortlist of cipher suites that your servers accept, and use only those.
Some additional vulnerabilities we see are…
Another common finding in external network pentests are systems that are not behind Multi-Factor Authentication (MFA) solutions that contain a user with an easily guessable password.
Router misconfiguration vulnerabilities — network devices such as routers exposed to the internet with misconfigured VTY lines — are another known vulnerability. When left misconfigured, they can enable an attacker to log in to the device without providing credentials.
Another vulnerability still common in 2022 is administrative interfaces on systems, such as Tomcat Manager, being left exposed to the internet and utilizing default credentials. Errors like these can lead to the attacker pivoting and compromising the internal network. Lastly, open mail relays from time to time remain an issue, allowing an attacker to use a company’s mail relay to launch phishing campaigns against its employees and other groups.
Modern Pentesting Services for Security and Development Teams
Fueled by an exclusive Core community of testers, Cobalt’s Pentest as a Service platform delivers the real-time insights agile teams need to remediate risk quickly and innovate securely. It’s as easy as choosing the right security vendor to carry out the external network pentesting.
We can meet customers where they are, whether they have all of the scoping information at hand, or they want to do a black-box test. Learn more about Cobalt’s modern pentesting services for security and development teams. Looking for more? Explore other types of security testing.