External Internet Discovery
External Internet discovery consultancy determines the external presence of your organisation, and whether there are any applications or services which are unknown to the organisation. As part of a scheduled service, external discovery alerts you when there are changes to your Internet perimeter and cloud presence?
Benefits of discovery consultancy include:
- Clearer asset management via the discovery service
- Better preparation for any new threats or risks to systems identified, following a discovery consultancy.
- Validates the IT change management process.
ProCheckUp utilises a standard engagement model for all external Internet discovery engagements using a robust, holistic approach consisting of three phases as defined below: -
This phase uses OSINT and online tools, to determine the organisations externally exposed networks/IP ranges. domain names and sub domain names in use.
OSINT Tools like DNSTWIST and URLCRAZY are used to enumerate domain variations of supplied domain names and identify registered domains which could be used in phishing attacks against the organisation.
Public certificate registration records, and OSINT DNS brute forcing tools will be used to determine any sub domain names in use within the organisation.
Using regional internet registry whois lookups, combined with IP addresses associated with enumerated domain names it then becomes possible to determine IP address ranges allocated/associated with the organisation.
This phase determines the services running and a vulnerability assessment performed, on the identified IP addresses, and domain names. The helps classify the potential damage caused to the organisation, by any applications or services which are unknown
On completion, we will provide you with a report showing externally exposed networks/IP ranges. domain names and sub domain names in use. As well as any domain names registered which might be used to attack the organisation.
Additionally, a full vulnerability report will be produced on the identified IP addresses, and domain names
The report creates a basis for a risk assessment.
Please contact us for more information on how ProCheckUp External Internet Discovery Services can help you.