External Penetration Testing
An external network penetration test (pentest) is designed to test the effectiveness of perimeter security controls. This test identifies weaknesses in internet-facing systems.
The external penetration test begins with a vulnerability assessment followed by targeted attempts to exploit identified security weaknesses.
The external penetration test is like walking around the outside of a building and looking for security gaps that would allow a burglar to break in. The pen tester is looking for the digital equivalent of unlocked doors, missing locks on a window or a key hidden under the welcome mat. When security weaknesses are found, the pen tester will attempt to use them to gain access to the inside of the network.
The external penetration test mimics the actions of a hacker that would attempt to break into the client’s site from across the Internet.
Internal Penetration Testing
An internal network penetration test (pen test) is designed to test the effectiveness of security controls on devices inside the client’s network. This test begins on the inside of the network and does not test the effectiveness of perimeter security controls.
The internal penetration test begins with a vulnerability assessment followed by targeted attempts to exploit identified security weaknesses.
The internal penetration test is like walking around the inside of a building and looking for security gaps that would allow a burglar, who has already broken in to gain access to sensitive locations. The pen tester is looking for the digital equivalent of an unlocked safe, missing locks on a filing cabinet, or valuable items left in plain view. When security weaknesses are found, the pen tester will attempt to use them to gain access to the sensitive data or systems..
The internal penetration test mimics the actions of a hacker that has already broken into the client’s site from across the Internet. This test also mimics the actions of a malicious insider who has physical access to the network.