Infrastructure (network) penetration testing
Includes external and internal tests. Both types of tests assess the current state of the client’s IT infrastructure, from a technical IT security perspective.
External infrastructure tests focus on the infrastructure, which is publicly accessible (i.e. from the Internet; perspective of an attacker with Internet access). These tests are conducted over the Internet.
Internal infrastructure tests focus on the infrastructure, which is accessible from within the organization (i.e. from the organization’s local network; perspective of (1) an attacker that breached the perimeter or (2) a malicious employee). These tests are conducted on-site, or, alternatively, via VPN (the new standard, due to recent travel restrictions) and are, generally, focused on Windows environments (Active Directory).
Both types of assessments consist of a combination of manual and automated tests. In addition to focusing on identifying risks of highest severity, first, an emphasis is also put on covering the whole test scope.
Projects delivered professionally, so far, include European clients, within the following sectors: finances, government agencies, critical infrastructure and manufacturing.