When we execute an ethical hacking is necessary to establish its scope to develop a
realistic schedule of work and to deliver the economic proposal to the client. To determine
the project extent we need to know at least three basic elements: the type of hacking that
we will conduct, the modality and the additional services that customers would like to
include with the contracted service.
⬛️Depending on where we execute the penetration testing, an ethical hacking can be
external or internal.⬛️
external or internal.⬛️
▫️External pentesting ▫️
裂This type of hacking is done from the Internet against the client’s public network
infrastructure; that is, on those computers in the organization that are exposed to the
Internet because they provide a public service. Example of public hosts: router, firewall,
web server, mail server, name server, etc.✨
infrastructure; that is, on those computers in the organization that are exposed to the
Internet because they provide a public service. Example of public hosts: router, firewall,
web server, mail server, name server, etc.✨
▫️Internal pentesting ▫️
裂As the name suggests, this type of hacking is executed from the customer’s
internal network, from the point of view of a company employee, consultant, or business
associate that has access to the corporate network.
In this type of penetration test we often find more security holes than its external
counterpart, because many system administrators are concerned about protecting the
network perimeter and underestimate the internal attackers. The latter is a mistake, since
studies show that the majority of successful attacks come from inside the company. To cite
an example, in a survey conducted on computer security to a group of businessmen in the
UK, when they were asked “who the attackers are”, these figures were obtained: 25%
external, 75% internal✨
internal network, from the point of view of a company employee, consultant, or business
associate that has access to the corporate network.
In this type of penetration test we often find more security holes than its external
counterpart, because many system administrators are concerned about protecting the
network perimeter and underestimate the internal attackers. The latter is a mistake, since
studies show that the majority of successful attacks come from inside the company. To cite
an example, in a survey conducted on computer security to a group of businessmen in the
UK, when they were asked “who the attackers are”, these figures were obtained: 25%
external, 75% internal✨
▫️Hacking modalities ▫️
裂 Depending on the information that the customer provides to the consultant, an
ethical hacking service could be executed in one of three modes: black-box, gray-box or
white-box. The method chosen will affect the cost and duration of the penetration testing
audit, since the lesser the information received, the greater the time in research invested by
the auditor. ✨
ethical hacking service could be executed in one of three modes: black-box, gray-box or
white-box. The method chosen will affect the cost and duration of the penetration testing
audit, since the lesser the information received, the greater the time in research invested by
the auditor. ✨
▫️Black box hacking ▫️
裂 This mode is applicable to external testing only. It is called so because the client
only gives the name of the company to the consultant, so the auditor starts with no
information, the infrastructure of the organization is a “black box”.
While this type of audit is considered more realistic, since the external attacker
who chooses an X victim has no further information to start that the name of the
organization that is going to attack, it is also true that it requires a greater investment of
time and therefore the cost incurred is higher too. Additionally, it should be noted that the
ethical hacker - unlike the cracker - does not have all the time in the world to perform
penetration testing, so the preliminary analysis cannot extend beyond what is possible in
practical terms because of cost/time/benefit. ✨
only gives the name of the company to the consultant, so the auditor starts with no
information, the infrastructure of the organization is a “black box”.
While this type of audit is considered more realistic, since the external attacker
who chooses an X victim has no further information to start that the name of the
organization that is going to attack, it is also true that it requires a greater investment of
time and therefore the cost incurred is higher too. Additionally, it should be noted that the
ethical hacker - unlike the cracker - does not have all the time in the world to perform
penetration testing, so the preliminary analysis cannot extend beyond what is possible in
practical terms because of cost/time/benefit. ✨
▫️Gray box hacking ▫️
裂 This method is often used synonymously to refer to internal pentestings.
Nevertheless, some auditors also called gray-box-hacking an external test in which the
client provides limited information on public computers to be audited. Example: a list of
data such as IP address and type/function of the equipment (router, web-server, firewall,
etc.). When the term is applied to internal testing, it is given that name because the
consultant receives the same access that an employee would have like having his laptop
connected to the internal network and the NIC configured properly (IP address, subnet
mask, gateway and DNS server); but does not obtain additional information such as:
username/password to join a domain, the existence of related subnets, etc. ✨
Nevertheless, some auditors also called gray-box-hacking an external test in which the
client provides limited information on public computers to be audited. Example: a list of
data such as IP address and type/function of the equipment (router, web-server, firewall,
etc.). When the term is applied to internal testing, it is given that name because the
consultant receives the same access that an employee would have like having his laptop
connected to the internal network and the NIC configured properly (IP address, subnet
mask, gateway and DNS server); but does not obtain additional information such as:
username/password to join a domain, the existence of related subnets, etc. ✨
