Secure and robust infrastructure is fundamental to cyber security. Given the financial and business ramifications of suffering a breach, regular internal and external penetration testing is recommended to identify and help address vulnerabilities.
This helps organizations identify exposures across on-premises and cloud environments.
Network penetration testing, also known as Infrastructure penetration testing, can be performed from two perspectives: inside and outside the organizational network perimeter.
An internal network pen test helps determine what an attacker could achieve with initial access to a network. An internal network pen test can mirror insider threats, such as employees intentionally or unintentionally performing malicious actions. Since internal networks typically have significantly more systems than those exposed on the Internet, the approach to internal penetration testing is to map the network and then prioritize the systems for detailed testing.
An external network pen test is aimed at gauging the effectiveness of perimeter security controls to prevent and detect attacks as well as identify weaknesses in internet-facing assets such as web, mail and FTP servers.
Network penetration testing helps detect and highlight the following:
- Firewall flaws
- Weak encryption protocols
- Issues with security controls
- Unpatched systems and components
- Issues with configuration parameters
- Software vulnerabilities