As the name implies, this type of penetration testing is performed on the network infrastructure of an organization. There are two different types of tests:
External Network Penetration Testing
This type of penetration testing is performed on the external-facing network infrastructure of an organization. It involves identifying and exploiting vulnerabilities in the network that could potentially be exploited by attackers to gain unauthorized access to the network or steal sensitive information.
The external network infrastructure includes all the systems that are accessible from the internet, such as web servers, email servers, DNS servers, firewalls, routers, switches, and other network devices. The objective of external network penetration testing is to identify vulnerabilities in these systems and provide recommendations to mitigate or remediate the identified vulnerabilities.
Internal Network Penetration Testing
Internal network penetration testing is performed from within the organization’s network, with the aim of identifying vulnerabilities that could be exploited by insiders or external attackers who have already gained access to the network. This type of testing is usually performed by security professionals who have been granted access to the organization’s internal network, and who have knowledge of the network architecture and configuration. The focus is on identifying vulnerabilities in systems that are accessible only from within the organization’s network, such as internal servers, databases, and applications.
Such testing usually includes privilege escalation which means that the testing team will attempt to escalate privileges to gain access to sensitive data or systems once access to a system is obtained and lateral movement where the testing team will attempt to move laterally across the network to gain access to additional systems and sensitive data.