The external network could provide hackers access to critical systems
How much data of your organization can be found in the external network? Can old data be used to enter critical systems? Yes, it can. Old unused domains that are still present online, can be used by hackers obtain access to other (critical) systems.
When assessing the network security of an organization, it is important to understand the breadth of the attack surface. A single forgotten host or web application in the external network will often become the initial foothold for an attacker. Request a scan to test the security of your external network.
The focus of the security mapping of online organizational data is on gathering information specifically related to the organization's network footprint and services. Open source intelligence from social networks, email addresses, search engines and document metadata is often used for creating a social engineering attack.
What is tested with an External Network Test?
- identification of domains and IP-addresses which belong or are related to the company.
- identifying and exploring systems/services.
- research possible attack points.
- finding mostly unstructured other information, i.e. indexed by search engines or floating around on websites.
The benefits of an External Network Test
- obtain insight into which information is easily obtainable for a potential attacker/hacker.
- obtain insight in all systems/services of your company which are online.
- get to know which services are publicly available online that should not be.
- get insight into the weakest link of your IT-infrastructure.
Passively Mapping the Network Attack Surface
Using open source intelligence (OSINT) techniques and tools it is possible to map an organizations Internet facing networks and services without sending any packets (or just a few standard requests) to the target network.
Looking at this another way an attacker can do a comprehensive analysis and mapping of your network infrastructure and technologies without actually sending you any packets, and therefore without you having any knowledge that this reconnaissance has taken place.
Identifying Hosts and Related Domains
Identifying all known hosts for an organization allows us to continue to dig deeper for more systems and hosts to target. By examining all discovered IP address blocks (ASN) we can find other hosts within the next block of interest. Identifying related domains will lead to the discovery of more hosts.
Think of a single web server, the actual open services (SSH, HTTP, RDP) are all points of attack, discovering all the virtual hosts running on the server is important as web applications running on any of the virtual hosts are also an attack vector.