Different types of penetration test

There are different types of penetration test, each focusing on a particular aspect of an organisation’s logical perimeter.

External network (or infrastructure) penetration test

Objectives


The objective of an external network penetration test is to identify security vulnerabilities in how an organisation connects with the Internet and other external systems. This includes servers, hosts, devices and network services. If an organisation’s interfaces are not designed correctly, criminals will be able to enter the network and perform malicious activities.

Common security issues


  • Unpatched operating systems, applications and server management systems. 
  • Misconfigured software, firewalls and operating systems. 
  • Unused or insecure network protocols.

Internal network penetration test

Objectives


The objective of an internal network penetration test is to determine which vulnerabilities are accessible to both authenticated and unauthenticated users, so that the network is critically assessed against both exploitation by a rogue internal user and an unauthorised attack.

Common security issues


  • Weak / default passwords
  • Inappropriate privileges
  • Access control issues / information leakage
  • Inadequate patching of systems
  • Unsecured workstations
  • Vulnerabilities in intranet applications