Infrastructure (network) penetration testing
Includes external and internal tests. Both types of tests assess the current state of the client’s IT infrastructure, from a technical IT security perspective.
External infrastructure tests focus on the infrastructure which is publicly accessible (i.e. from the Internet; perspective of an attacker with Internet access). These tests are conducted over the Internet.
Internal infrastructure tests focus on the infrastructure which is accessible from within the organization (i.e. from the organization’s local network; perspective of (1) an attacker that breached the network perimeter or (2) a malicious employee). These tests are conducted on-site, or, alternatively, via VPN and are, generally, focused on Windows environments (Active Directory).
Both types of assessments consist of a combination of manual and automated tests. An emphasis is put on identifying risks of highest severity as well as covering the whole test scope.
Projects delivered professionally, so far, include European clients (finances, government agencies, critical infrastructure, manufacturing).