Network Penetration Test
Performing a Network Penetration test allows the organization to assess the security posture of high-risk targets such as business critical systems and Internet facing infrastructure. Selected client systems are evaluated and compromised in efforts to gain access to sensitive company resources and data. These activities simulate those of a motivated individual or organization focused on obtaining unauthorized access to confidential and proprietary intellectual property and/or customer data.
Network Penetration Testing can combine any of the following modules, depending on the security needs and requirements of the organization:
OSINT Reconnaissance
Little to no information is provided beforehand. All target hosts are identified using Open Source data available on the internet. This provides the client with a view of what an attacker can find with only a company name.External Host Based
The test is scoped to include a list of hosts provided by the client, usually internet-facing, critical infrastructure to ensure it is hardened against network attacks. Tests can be further scoped so that the goal is to evade any intrusion detection systems and/or network security monitoring programs in place.Internal Network
VPN access is granted, or an on-site engagement is scheduled, to simulate what would be possible were an attacker able to breach the perimeter of an organization’s network and access internal resources. Internal tests will reveal what is possible at a given moment in time were an attacker able to breach the perimeter of a network, or if an insider attempted to perform malicious actions. Business critical applications are identified that are vulnerable to compromise, and what sensitive data loss or other damage to the organization could occur.