Internal network penetration testing focuses on the private IP space of the organization. The penetration test proceeds from the perspective of an internal attacker, usually by simulating a compromised workstation. It aims to identify risks specific to this inside threat and is centered on the attacker's ability to gain elevated user credentials, access to important systems, and access to sensitive information.
The primary goal of this testing is to determine if an attacker or malicious user on the internal network can gain access to sensitive data or systems. Secure Ideas will evaluate the internal systems, infrastructure, configuration, and applications to discover exploitable issues that would allow an attacker to reach that goal.
During internal and external network testing, Secure Ideas will seek access to sensitive data or systems on the networks. We will scan and test the internal network from the position of an authenticated user to determine the risk associated with compromised workstations, and assess the external network from an unauthenticated system to determine the risk from an external attacker.
Once that is complete, we will exploit vulnerabilities discovered on the internal and external networks to gain further access to internal systems, and provide remediation recommendations and security controls to improve the security of the in-scope systems.
External network penetration testing focuses on the public IP space of organizations. The penetration test proceeds from the perspective of an external attacker and is focused on vulnerabilities that can be used to gain entry to the internal network, as well as on exposure of sensitive information.
During an external pen test, Secure Ideas focuses on all externally facing systems in scope. The primary goal of this type of test is to evaluate the ability of an attacker on the Internet to gain access to the internal network. Secure Ideas will target all of the externally available systems within the IP address range provided, and the test will encompass servers, infrastructure devices, web applications, and services.