Martin Hořický
Partner • Digital Services
Infrastructure testing is a penetration test that focuses on assessing the vulnerabilities of computer systems, network devices and IP address ranges to identify vulnerabilities that could be exploited. Testing should be conducted both from outside the organisation and from within the organisation.
Infrastructure testing can also be used to test whether the organisation is complying with security policies and how effectively it can respond to security threats.
Testing can also provide assurance that the systems and security controls being tested have been configured in accordance with security best practices and that there are no vulnerabilities in the target system at the time of testing. If any vulnerabilities are found, they need to be addressed before an attack or security breach occurs.
Computer and wireless networks
In a penetration test of computer and wireless networks, the penetration tester examines the network environment for security vulnerabilities. Network penetration tests can be further divided into two categories, namely external tests and internal tests.
In computer and wireless network penetration testing, we focus on the following areas:
- firewall configuration;
- firewall bypass testing;
- stateful inspection analysis;
- deception of the intrusion prevention system;
- DNS level attacks.
Types of penetration testing
Internal penetration testing
Internal penetration testing or vulnerability assessment. Performed by connecting to your internal network and assessing internal network devices or IP address ranges for vulnerabilities.
External penetration testing
External penetration testing and vulnerability assessment. Typically performed remotely and assesses external security services exposed to the internet.
Inclusion of penetration testing into your security program has several key benefits:
- It helps meet regulatory requirements and security policies. Penetration testing is explicitly required in some industries and conducting penetration testing helps to meet this requirement and evaluate existing security policies for potential vulnerabilities.
- It helps you evaluate your infrastructure. Infrastructure such as firewalls and DNS servers are publicly available. Any changes made to the infrastructure may leave the system vulnerable. Penetration testing helps identify real attacks that could be successful in accessing these systems.
- It identifies vulnerabilities. Penetration testing of web applications will reveal gaps in applications or vulnerable routes in infrastructure before an attacker can.