Infrastructure (network) penetration testing
Includes external and internal tests. Both services assess the current state of the client’s IT infrastructure, from a technical IT security perspective.
External infrastructure tests focus on the infrastructure which is publicly accessible (i.e. from the Internet; perspective of an attacker with Internet access). Testing is conducted over the Internet.
Internal infrastructure tests focus on the infrastructure which is accessible from within the organization (i.e. from the organization’s local network; perspective of (1) an attacker that breached the network perimeter or (2) a malicious employee). Testing is conducted on-site or, alternatively, via VPN and is, generally, focused on Windows (Active Directory) environments.
Both types of assessments consist of a combination of manual and automated tests. An emphasis is put on identifying risks of the highest severity as well as covering the whole test scope.
Projects delivered professionally, so far, include European clients (finances, government agencies, critical infrastructure, manufacturing).