Understanding the Different Types of Penetration Tests

There are several different types of penetration tests. Below are the four main types of tests. InteliSecure provides complete penetration testing services for each of these areas and can customize tests based on your specific needs.

Network/Infrastructure

Infrastructure vulnerabilities are usually introduced through poor configuration or inadequate patching policies or processes. InteliSecure assessments and tests attempt to exploit these vulnerabilities.

Common targets of network and infrastructure attacks include firewalls, routers, key servers or other devices or components that have an IP address that could be accessed.

Applications

Applications, whether desktop, mobile or web-based, are the doorways for people to access information in today’s interconnected world. Penetration tests focused on applications are designed to help ensure their implementation and configuration are secure. Assessments are mainly focused on the areas of greatest concern, including denial of service, information leakage, authentication, privilege escalation, unauthorized modification, or data removal.

Physical Assessments

Physical penetration testing attempts to infiltrate an organization’s facilities through various means which may include access via secured doors; the evasion of motion sensors, security cameras and checkpoints; and even obtaining passwords written on post-it notes.

Physical tests can be overt, covert or hidden.

  • Overt tests are done in the open and with the full knowledge of an organization’s staff.
  • Covert tests are performed without the knowledge of employees but generally occur during regular business hours.
  • Hidden tests are designed so that the tester gains access to the premises, obtains specific information and departs without being seen.

Social Engineering

Social engineering involves manipulating individuals within an organization into inadvertently granting access to information to someone who does not have proper authorization. Examples of social engineering may include phishing, phone campaigns, and impersonation. Social penetration testing may be a component of a physical penetration test.

WiFi Security Assessments

Wireless technologies pose unique threats because their signals propagate outside physical boundaries and are difficult to control. Poorly configured systems and weak security protocols allow for unauthorized eavesdropping and easy access. InteliSecure uses a proven methodology and sophisticated testing tools to prevent information, systems and networks from being compromised by:

  • Assessing your wireless environment
  • Identifying vulnerabilities and errant configurations
  • Validating existing controls
  • Prioritizing high-risk findings and remediation techniques

Custom (VoIP, Remote Access VPN, Platform)

InteliSecure offers additional assessment and testing services around other key components of an organization’s IT infrastructure. These assessments include VoIP, remote access VPNs, platforms, and supervisory control and data acquisition (SCADA) and industrial control systems (ICS).

Services revolve around ensuring systems are configured, installed and running appropriately.