Target Type | Description | Attack Considerations |
Internal | Assets can be accessed from within the organization. Internal attacks might be caused by malicious insiders or by external hackers who have gained credentials through a phishing attack. | An excellent candidate for all attack types IF direct access to the internal network can be established. |
On-site | Asset is physically located where an attack is being carried out. | Accessibility depends on controls at the site. A physical attack might go undetected at a large facility with many people. Centralized resource locations will probably have more points of entry and attack vectors to choose from. |
Off-site | Asset provides a service for an organization but is not necessarily located at the same place. | An organization's remote offices and satellite locations are less likely to have as many security controls as headquarters. As such, an attacker would lose the "cover" of anonymity. However, lax security might still make it possible to carry out physical, Wi-Fi, or possibly remote access/VPN attacks. You would have to assess if the remote location is worth the effort. If the remote location does not itself house interesting assets, it might provide a back door (such as an unguarded WAN or VPN link) to the main facility. |
External | Asset is visible on the Internet, such as a website, web application, email, or DNS server. | Not a good candidate for attacks (such as sniffing or ARP poisoning) that require direct access to the network segment. |
First-party hosted | Hosted by the client organization. | Might be easier to attack than third-party hosted services, as most companies do not have the same resources, expertise, or security focus as a provider. |
Third-party hosted | Hosted by a vendor or partner of the client organization. | Not impossible targets, but established providers are more likely to have good controls in place. Smaller, newer hosting companies may have fewer resources and less security expertise. These might be easier to attack than larger, more mature providers. All third parties can be vulnerable to zero-day attacks. |
Physical | Can include the client organization's premises or any physical device belonging to the client organization. | Physical attacks are an excellent way to plant sniffers, remote-controlled devices, keyloggers, and other attack tools in the private network. |
Users | They generally have access to resources that might be restricted to outside parties. | Users are usually the easiest attack vector because they are so susceptible to social engineering. |
SSIDs | Can be targets when an attacker is attempting to access a wireless network. | Evil twins and other Wi-Fi attacks require close physical proximity to the premises. |
Applications | Can be targets, as they are often linked to sensitive data such as credit card numbers. | You'll have to determine which applications are in use. If it runs in user context, you'll want to escalate privilege once it is compromised. |
Types of Targets
