NETWORK PENETRATION TEST
Brisk Infosec’s network penetration testing process combines automated and manual techniques to identify security flaws. Our testing simulates the efforts of a real hacker and the various approaches used to access confidential data through vulnerabilities in computer networks.
INTERNAL PENETRATION TEST
An internal penetration test is a process in which Brisk Infosec experts simulate an intrusion by a malicious employee or by an intruder who has gained illegal access to the internal perimeter of the organisation.
EXTERNAL PENETRATION TEST
An external network penetration test is a process that evaluates and assesses the organisation’s external network. It is conducted by our qualified information security professionals, who provide our clients with a detailed analysis of how real intruders might probe, exploit, and compromise the organisation’s external network.
To check the vulnerabilities of an organisation’s network when viewed from the Internet through the firewall. To identify the type of resources exposed to the outer world.
NEED FOR INTERNAL PENETRATION TEST
To check the risks from within the internal network of an organisation, such as the LAN. To assess threats coming from the workforce or processes within the enterprise. To attempt breaches on internal networks through legitimate user credentials and privilege levels.
Brisk Infosec’s Methodology for Network Penetration test is as follows:
- Requirement Analysis
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Post Exploitation
We follow the below standards as per the client’s requirement and nature of the network:
- PCI DSS
1. Secure corporate network from intruders
2. Prevent information stealing
3. Protect data integrity and availability
4. Protect the network from denial-of-service attacks
What is the need to perform a penetration test against your organisation?
Organisations are being digitalized and it’s important to determine where vulnerabilities lie and make your systems more secure to avoid digital data loss or financial crises.
Is the penetration test required for a specific compliance requirement?
Brisk Infosec recommends a penetration test for every compliance programme implemented in an organisation, and we support compliance standards such as ISO 27001, PCI DSS, HIPAA, etc.
When does the customer want the active portions (scanning, enumeration, exploitation, etc…) of the penetration test conducted?
- During business hours?
- After business hours?
- On the weekends?
Best practice is to conduct penetration tests after business hours or during non-business hours so that the tests do not affect the business of the organisation.
Are there any devices in place that may impact the results of a penetration test such as a firewall, intrusion detection/prevention system, web application firewall, or load balancer?
They may, but the main function of a penetration test is to bypass the firewall, intrusion detection/prevention system, web application firewall, or load balancer and gain admin privilege.
How many IP addresses will be tested?
It completely depends on the client and their requirement of the penetration test.