Overview: External Penetration Testing
Internet Threat is Real
Ransomware damages are staggering - costing businesses $5 billion in damages during 2017 and now predicted to hit $11.5 billion by 2019. The threat of hackers breaching your controls and affecting your business operation is very real, and unfortunately you can't close security gaps that you don't know exist.
Discover Your Weaknesses
Raxis performs External Penetration Testing to help identify where the real risk is with your internet-facing systems. Live-fire attacks are performed against the servers and network equipment in order to gain a foothold into your internal resources, and then we'll attempt to pivot into other critical servers to attain private data. We'll help you uncover the exposures you have to the internet, as each and every step of the pen test will be documented in a detailed report with authentic screenshots obtained during the hack. Once we've completed the test, the report aids in repairing security weaknesses, gaining additional funding for system upgrades, or submitting evidence to regulatory entities as part of a compliance program.
What We Need From You
We'll need all of your external IP address ranges and permission to get started. This includes production, development, QA, and any lab environments, as hackers could potentially have the same access. During a blackbox test, we can discover these ranges, but we will require that you validate them before we start active testing to ensure we don't send unwanted attacks to other internet hosts. We do not perform denial-of-service (DoS) attacks and will take great care to avoid impact to your production systems.
Raxis External Penetration Testing Features
- Discovery of open ports, services, and vulnerabilities
- Attempting to exploit vulnerabilities in unpatched systems to gain further system access or data
- Brute forcing of available login forms such as webpages and other remote services
- Testing malicious injections and session mismanagement on available websites
- Attempting to use insecure services such as VNC to gain further access to internal systems
- Meet or exceed standards from PCI, HIPAA, GLBA, Meaningful Use, and other compliance/regulatory requirements
- And, if obtained, cracking of password hashes to be leveraged for additional access
Download our Penetration Testing Service Brief (PDF) for more information.
Transporter Remote Access
Raxis Transporter provides an easy-to-deploy "virtual wire" network connection to our manual penetration testers, vulnerability assessors, and R3 incident response team.
On-Site Penetration Testing
Sometimes it's necessary to be on-site to get access to internal networks or examine a breach first hand. No problem, our consultants will fly to you.
FAQ: External Penetration Test
How does Raxis perform an External Pen Test?
The external, internet-facing network environment is the front door to your organization's online presence. Due to the risks from outsider attacks, networks must remain secure at all times. Raxis will perform the entire penetration test remotely from our offices in Atlanta, and start by using a port scan of your entire IP range to map out the potential attack surface. Next, a vulnerability scan will be launched against the appropriate services to quickly determine how to gain a foothold into the target systems. Once a vulnerability is leveraged, Raxis will attempt to pivot into other systems in order to push further into the environment with the goal of obtaining sensitive data.
How do you penetration test through an Intrusion Prevention System (IPS)?
If there are countermeasures in place to stop the scanning, Raxis can use techniques to bypass these controls. However, due to the productivity decrease that occurs, Raxis recommends demonstrating the bypass as a proof of concept for the report, and then performing whitelisting to allow for a more complete test against the actual servers. Otherwise, using bypass techniques such as rotating IP addresses and targeted port scanning will significantly slow down the discovery phase and impact the final deliverable, while the risk potentially remains exposed to a malicious attacker with more time.
What does external penetration testing cost?
Raxis charges by the IP address for external pen tests. Costs range from as little as $3,000 for a single IP address to over $25,000 for a large enterprise environment. Quotes are free and available via our online form.
How long does it take to perform a pen test against my internet systems?
While it depends largely on the number of external-facing IP addresses, most Raxis penetration tests are performed within 5 business days. We will work with you to get the right scope to meet your budget.
Yes. Raxis reports exceed NIST 800-115 standards required by most regulatory agencies. If a clean penetration test report is needed to meet requirements, we can work with you to re-test any findings and validate that the proper configuration changes or upgrades were made.
How often should I get a penetration test?
Many regulatory agencies require a penetration test each year, or after any changes are made to the software code or configuration.
Why should I choose Raxis?
Simple - we're a top-tier penetration testing provider with reasonable pricing and some of the brightest consultants in the industry. We understand you're trying to meet regulatory requirements and improve your security, and we want you to succeed. There's even a chance you'll still get to work with one of our consultants even if you go with someone else, as Raxis provides wholesale penetration testing services to three of the largest penetration testing providers in the US.
A Smarter Way to Stay Secure
Learn how hacking can help find and fix security gaps you never knew about.