A penetration test is an authorized assessment against your organization's internal or external IT infrastructure and exposed network services. Before beginning a penetration test, FortyNorth will work with your staff to establish specific goals and objectives for the test. For an external penetration test, the most common goal is to determine if it is possible for an attacker to gain an internal foothold into your organization’s network. For an internal penetration test, the most common objective is to determine what an attacker could do and obtain access to if they were able to compromise an internal workstation.
The internal penetration test can be performed two different ways:
After determining if we will obtain account credentials, the test will begin by following the same steps that an attacker would perform. A sample set of the steps is as follows:
Reconnaissance
Enumeration
Exploitation
Post-Exploitation
Restart the Process
The internal penetration test is highly useful for organizations that want to know what an attacker could do and obtain access to if they were able to compromise an internal workstation. The internal penetration test should be conducted after your organization has attempted to secure your internal network and would like to ensure that your current security configurations and processes protect all internal infrastructure.
An external penetration test is an authorized assessment against your organization’s external IT infrastructure and exposed network services. Prior to beginning the external penetration test, FortyNorth Security will work with your staff to establish goals for the external penetration test. The most common goal for an external penetration test is to determine if it is possible for an attacker to gain an internal foothold into your organization’s network. However, the goal(s) are customized for each assessment based on your organization’s requirements.
The external penetration test is conducted from the perspective of an outside attacker analyzing your organization’s publicly available IT infrastructure. We follow the same steps that an attacker would conduct when attempting to gain access to your organization’s internal networks. The following is a sample set of actions performed:
Network Reconnaissance
Enumeration
Exploitation
Post-Exploitation
Restart the Process
The external penetration test is a service offering that should be used after your organization has attempted to harden your external perimeter via patching and secure service configurations. This service will validate the effort your organization has invested and identify any areas that might need remediation.