Risks of a Large Attack Surface

A common theme among clients during penetration tests is a large attack surface. Generally, the biggest risk lies with externally exposed assets. However, the same problem can show up in internal penetration tests and web application penetration tests. This blog post will briefly examine the biggest risks associated with a large attack surface.

Unknown Assets

It is not uncommon for companies to have unknown assets exposed on their networks. Historically, Lucid Security has encountered clients who have acquired other companies. As such, they assume control of the acquired company's assets. This can lead to clients having exposed assets that they are unaware of or have not inventoried. If this is the case, these assets may go unpatched or without updates, leading to further security vulnerabilities.

Test Content

It is important for organizations to continue to grow and evolve. Because of that, IT administrators may test out new software and services. While this is a great idea, this test content may unfortunately end up exposed externally to the Internet. When software is tested while exposed to the Internet, typical hardening procedures may not have been applied.
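One way to surface both unknown assets and test content is to reconcile the asset inventory against what is actually observed on the external perimeter. The following is an added example, not code from the original post or from Lucid Security; the `reconcile` function, the test-label list, and all sample addresses and hostnames are constructed assumptions.

```python
import ipaddress

# Hostname labels treated as signs of test content (an assumed naming convention).
TEST_LABELS = {"dev", "test", "staging", "uat", "demo"}

# Constructed sample data (documentation address ranges and example domains).
SAMPLE_INVENTORY = ["203.0.113.10", "203.0.113.11", "203.0.113.20"]
SAMPLE_OBSERVED = [
    ("www.example.com", "203.0.113.10", 443),
    ("mail.example.com", "203.0.113.11", 25),
    ("staging-shop.example.com", "203.0.113.10", 8443),
    ("legacy.acquired.example", "198.51.100.7", 80),
]


def reconcile(inventory, observed):
    """Compare inventoried IPs/CIDRs with observed (hostname, ip, port) services.

    Returns a dict with three lists:
      uninventoried - observed services on addresses missing from the inventory
      test_content  - observed services whose hostname carries a test label
      not_observed  - inventory entries with no observed service (stale records)
    """
    nets = [ipaddress.ip_network(entry, strict=False) for entry in inventory]
    seen = set()
    report = {"uninventoried": [], "test_content": [], "not_observed": []}
    for host, ip, port in observed:
        addr = ipaddress.ip_address(ip)
        matches = [n for n in nets if addr in n]
        seen.update(matches)
        if not matches:
            report["uninventoried"].append((host, ip, port))
        # Split "staging-shop.example.com" into labels on both "." and "-".
        labels = set(host.lower().replace("-", ".").split("."))
        if labels & TEST_LABELS:
            report["test_content"].append((host, ip, port))
    report["not_observed"] = [str(n) for n in nets if n not in seen]
    return report


if __name__ == "__main__":
    for category, items in reconcile(SAMPLE_INVENTORY, SAMPLE_OBSERVED).items():
        print(category, items)
```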

Excessive Logging Solutions Exposed

Oftentimes, for development reasons, logging software is included in dev/staging environments. However, organizations may forget to exclude it from their applications or external perimeter. This can lead to information disclosures such as database information or internal server architecture.

Conclusion

Between an ever-changing security climate and regular development procedures, it is possible for organizations to expose more information and assets than necessary. For this reason, Lucid Security recommends conducting annual penetration testing and, at a minimum, quarterly external vulnerability assessments to stay on top of issues.

How Lucid Security Can Help

Lucid Security often conducts penetration testing and vulnerability assessments. Our services are tailored to help identify issues and provide expert remediation advice. Contact us today to get started!

What is an External Penetration Test?

Before diving into what an external penetration test entails, let’s first recap what a penetration test involves. A penetration test simulates an attack on a network, application, device, location, controls, or humans in a controlled environment. Lucid Security conducts external penetration tests by simulating attacks on a client’s internet-facing assets. These tests are crucial for an organization’s security maturation process, ensuring that websites and services are secure against attackers.

Phases of an External Penetration Test

An external penetration test consists of several phases:

  • Scope Verification – This critical phase ensures everyone understands that the listed assets are correct. It’s common for typos to occur when defining the scope, and IP addresses may change annually. Therefore, the security team must verify the scope the client provides. If discrepancies arise, the security team will contact the client for further clarification and verification.
  • Open-Source Intelligence (OSINT) – This process involves using services like Google to find potentially sensitive information, such as documents, username formats for password attacks, internal company information for phishing campaigns or social engineering, or technology details to target applications or infrastructure more effectively.
  • Enumeration – After identifying assets, the next step involves enumerating the “target” or host to determine what is available, such as a web server or an FTP server. The goal is to create an accurate attack map of the external perimeter to prioritize targets.
  • Vulnerability Identification – This phase works alongside enumeration. Once the team knows what’s running on a host, it’s important to identify any potential vulnerabilities.
  • Exploitation – This phase might not always apply. Here, the security team actively attacks a vulnerability to compromise a host, application, service, etc. The attack could allow information gathering, remote access to the web server, or unauthorized application access.
  • Post Exploitation – The security team assesses the impact level of the exploit, which could range from minimal to critical, depending on the vulnerability and any mitigating controls in place. For example, a SQL injection could lead to remote code execution under the right circumstances.
  • Reporting – Lucid Security compiles a custom-tailored report based on the findings from the engagement. The report will detail the vulnerabilities, their impacts or potential impacts, solutions, and any helpful references for remediation.
  • Deliverable – This phase provides an excellent opportunity for the security team and client to discuss the results in real-time. They will also address any questions or concerns to ensure the client fully understands the findings.
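The Scope Verification phase above can be partly automated before anyone contacts the client. The following is an added example, not code from the original post or from Lucid Security; the `validate_scope` function, its issue messages, and the sample scope entries are constructed assumptions. It flags mistyped addresses, internal ranges listed in an external scope, CIDR entries with host bits set, and overlapping entries.

```python
import ipaddress

# Ranges that cannot be internet-facing, so they do not belong in an external scope.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample scope as a client might submit it (documentation ranges).
SAMPLE_SCOPE = ["203.0.113.10", "203.0.113.256", "10.0.0.5",
                "198.51.100.0/28", "198.51.100.4", "203.0.113.77/27"]


def validate_scope(entries):
    """Return (accepted_networks, issues) for a list of IP/CIDR scope strings.

    Entries with an issue are held back so they can be confirmed with the client.
    """
    accepted, issues = [], []
    for raw in entries:
        text = raw.strip()
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            issues.append((raw, "not a valid IP address or CIDR"))
            continue
        # "203.0.113.77/27" names a host inside a network: range or single host?
        if ipaddress.ip_interface(text).ip != net.network_address:
            issues.append((raw, f"host bits set, did you mean {net}?"))
            continue
        if net.version == 4 and any(net.overlaps(i) for i in INTERNAL):
            issues.append((raw, "internal range in external scope"))
            continue
        dup = next((a for a in accepted if net.overlaps(a)), None)
        if dup is not None:
            issues.append((raw, f"overlaps {dup}"))
            continue
        accepted.append(net)
    return accepted, issues


if __name__ == "__main__":
    ok, problems = validate_scope(SAMPLE_SCOPE)
    print("accepted:", [str(n) for n in ok])
    for entry, reason in problems:
        print(f"query client: {entry!r}: {reason}")
```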

Benefits of an External Penetration Test

It’s common for third parties to require security testing, often specifying the assessments required before partnership. An external penetration test is a typical prerequisite for organizations seeking to do business with another company. This precaution ensures data protection and proactive measures against security breaches. Moreover, an external penetration test identifies potential security risks along an organization’s external perimeter. Often, IT teams are unaware of external assets, which a competent security team needs to identify and address.

How Lucid Security Can Help

Lucid Security consists of seasoned security professionals with decades of experience in security and penetration testing. Our unique and competent perspective enables us to enhance clients’ security environments. Please contact us today to learn more about our services and how we can make your organization more secure.