866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

«  View All Posts

What is External Network Penetration Testing? Blog Feature
JOSH TOMKIEL

By: JOSH TOMKIEL

Print/Save as PDF

What is External Network Penetration Testing?

Penetration Testing

 

Penetration tests (pen tests) are security assessments designed to identify an organization’s vulnerabilities and security holes by mimicking malicious actors who may target the organization. One of the first penetration tests, and the one most individuals think of when they think of a penetration test, is an external penetration test. 

 

More specifically, an external network pen test is designed to discover and exploit vulnerabilities in all your hosts that are accessible via the Internet. As highly experienced penetration testers that offer this service among others, we’re going to provide a full explanation of external network penetration testing, including methodology, timeline and cost, and where you can start ahead of yours.

 

That way, you can be sure that an external network penetration test is the right move for your firm among the other options available.

 

What is an External Network Penetration Test?

When you engage a team to perform an external network penetration test, they’ll act as an attacker on the open Internet and attempt to breach those web-facing assets you have.

Using different techniques like port scans and vulnerability scans, they’ll identify where they can push through security vulnerabilities and misconfigurations in all in-scope hosts so as to gain access to your supporting infrastructure or service.

But that's the extent of it—if the penetration testers do happen to gain access to the internal network, no further action will be taken to pivot deeper.

 

External Network Penetration Testing FAQ

What’s the Difference Between Vulnerability Scanning and an External Network Penetration Test?

While external network penetration testing does tend to include vulnerability scanning during the actual assessment in order to discover any security weaknesses that can be targeted, the primary difference between the two is that the penetration test will attempt to exploit the vulnerabilities identified.

 

What’s the Difference Between an Internal Network Penetration Test and an External Network Penetration Test?

An external network penetration tester acts as an attacker coming from an outside network and is typically done remotely, while an internal network penetration test begins from within the organization’s network.

How Long Does External Network Penetration Testing Take?

 

 

While there are many intricacies in pen test timing, typically, external network penetration testing is completed within 1 week if less than 1,000 hosts are in scope. As more hosts are added, the timeline is extended.

 

How Much Does External Network Penetration Testing Cost?

Every organization is unique and, therefore, the cost of a penetration test differs from assessment to assessment. That said, the factors that typically affect pricing include:

 

  • Scope and complexity, such as the size of the IP Address space
  • Size of your organization, including the number of live hosts
  • The experience of your external network penetration team
  • Type of test being performed, (Black Box, Grey Box, etc.—more on these in a moment)

Where to Start for Your External Network Penetration Test

Knowing all that, it's possible you're interested in understanding where your outward defenses may need shoring up. But where would you start? With your assessment type—there are two different ones that are commonly requested:

 

  • Shared Knowledge (Grey Box) Assessment:
    • You would provide a list of hosts (public IP addresses or domains) and your tester will only test against those approved in-scope hosts.
    • This is Schellman's recommended approach, as it's our opinion that a Grey Box assessment provides better value in time and overall results.
  • Zero Knowledge (Black Box) Assessment:
    • Rather than you providing a list, your tester would perform their own recon to discover all Internet-facing assets. They would then give you a list of their discovered hosts that you would need to approve before the start of any testing.
    • This method takes more time, as you'll still need to verify that the hosts identified belong to your company before active testing can begin. 

Though approved hosts for testing are ultimately up to you, we do not suggest you restrict your scope or exclude hosts from any type of pen test. 

While you may opt to engage in this just for the sake of your cybersecurity, if the pen test is for a greater compliance initiative, a wider scope is better than a narrower one. Limitations could lead to you needing another assessment so that previously excluded hosts can be included.

 

External Penetration Testing Methodology

No matter the assessment you choose, a successful external network penetration test should be mapped out in order to maximize efficiency and comprehensiveness. Though different teams will likely take different approaches, the majority will follow a similar procedure:

 

  • Pre-Engagement: Together with your team, you’ll define the objectives of the external network penetration test and the desired outcome.
  • Defining Scope: You will determine which assets you’d like to be included in the external network pen test.
  • Exploitation: The penetration team will work on identifying security weaknesses.
  • Reporting and Remediation: The pen testers will provide you with documentation of their procedures and findings of the assessment, and you’ll get started remedying any issues identified.
  • Retest: The test will be performed again on all originally identified issues to ensure that the fixes you implemented as a result of the previous external network penetration assessment are secure and working.

 

Additional Matters Concerning Your External Network Penetration Test

As you progress through this process, here are two tips to maximize your experience during an external network pen test:

 

  • Don't keep it a secret.
    • Your pen test team is there to help. Let your internal security team(s) (Security Operations Center (SOC) or Network Operations Center (NOC)) know that an external network pen test will be happening and provide them with the public IP addresses the team will be using so your people know who's poking around.
      • If you work with Schellman, these addresses will be listed in the authorization letter.
    • (For transparency's sake, there are other kinds of pen tests where your personnel are kept in the dark. External network pen testing is just not one of them.)
  • Prepare your Web Application Firewall (WAF) or Intrusion Prevention Device (IPS).
    • If you have technical security controls in place that could block your tester's traffic during testing, you should preemptively allow that traffic to pass these controls.
    • While real-world attackers have unlimited time to identify issues and come up with WAF bypasses, a pen test is limited to a specific timeframe. Help your testers help you by temporarily clearing these obstacles so that they can identify as many issues as possible within the time they have. 

You'll of course have options when choosing a pen test team. But if you're considering Schellman to do your external network pen test, here are some things you should know:

 

  • Schellman does not perform Distributed Denial of Service (DDoS) attacks. When we find vulnerabilities that result in likely Denial of Service (DoS) conditions, we typically just verify them to the best of our ability (without exploiting them).
  • Only manually verified findings will be included in our final report. With us, there will be no false positives. 

Regardless of who you work with, remember—the goal of this kind of engagement is not for your tester to be stealthy or stay undetected. Rather, it's to highlight as many of your issues as possible and provide actionable feedback within the limited timeframe available. 

 

Next Steps for Your External Network Penetration Test

An external network pen test can prove hugely beneficial when assessing your current cybersecurity defenses. Acting as a malicious attacker would be, approaching from the outside, your pen test team can help you uncover security weaknesses and determine where you're vulnerable so that you can plug any discovered gaps.

However, an external network penetration test only finds weaknesses in those external-facing hosts, and you may want to strengthen other areas as well (or instead). Check out our other content on different types of penetration tests that may suit your needs more:

 

If you have more specific questions than these pieces provide, feel free to contact us. Our team would be happy to speak with you regarding all the different kinds of pen test services we provide and answer any questions regarding your environment that you may have (as detailed through our scoping questionnaire that we would provide you to complete).

About JOSH TOMKIEL

Josh Tomkiel is a Managing Director and Penetration Tester based in Philadelphia, PA with over 10 years of experience within the Information Technology field. Josh has a deep background in all facets of penetration testing and works closely with Schellman's other service lines to ensure penetration testing requirements are met. Additionally, Josh leads the Schellman's Red Team service offering, which provides an in-depth security assessment focusing on different tactics, techniques, and procedures (TTPs) for clients with mature security programs.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.