What is “Internal” Penetration Testing?
In the video below, Mike continues his video series on penetration testing services comparisons, and defines Internal Penetration testing. He also compares it to the other types (i.e. external pen testing, social engineering, and physical security pen testing).
Want Mike’s recommendations on the best pen testing services companies to quote for your organization? Click the button below and ask him today.
About Mike
Mike Smith is the Founder and President of AeroCom and has been helping companies with telecom and cloud services since 1999. He has been the recipient of numerous business telecommunications industry awards, including being recognized as one of the top 40 business people in Orange County, CA., under 40 years old. You can also hear him as the host of the popular Information Technology podcast, ITsmiths with Mike Smith. Follow Mike on YouTube, LinkedIn, Reddit and SpiceWorks.
Transcript
Your company is looking to do some penetration testing and you’re wondering, “Where do we start?”
Well, you might want to start with some of my other videos on where I think, in my opinion, penetration testing falls in the scope of things. I feel it actually is one of the last things you should do in terms of cybersecurity preparedness, but watch that other video, see what you think.
You also might want to watch my other videos on things like white box and black box and gray box penetration testing. That might be useful as well in terms of places to start.
But today, I wanted to talk to you about internal penetration testing and compare that to the other categories that I think. I think there are really four categories in penetration testing. There’s external, internal, social engineering, and physical security. So today I wanted to briefly tell you what I think is included in internal penetration testing, which I think is important for you to know so that when you’re deciding which type of penetration testing do we need, you want to go over external applications.
You want to say, “Hey, which internal things do we need to test?” And the others as well. Do we need to do social engineering and physical security? So, it’s good to kind of categorize them to go through and think of what you need tested.
Shortcut
So before I get started, really quick though, if you want to know which penetration testing companies your organization should be quoting, don’t research it on your own. Just contact me via email or phone (714.593.0011). That’s my job. I’m a broker for all this stuff. More information on that at the end of the video.
What is Internal Penetration Testing?
But in the meantime, back to the topic, what is internal penetration testing? So really quickly, it’s just anything inside of your firewall. So your network switches, your routers internally, internet like IOT devices, VoIP servers, internal servers, laptops, desktops, mobile devices, anything like that that’s sitting inside of your firewall on your network, internal infrastructure, that would be considered internal penetration testing.
So think about that. Think about what falls underneath that category for your organization and what things you want to include on the penetration test. What things are really important and really vulnerable, big security risk for your organization that you definitely want to include on that testing?
If something’s internal, it’s not that big of a deal, well, then don’t include it, but any type of technology that’s inside of the firewall, I would consider an internal penetration test.
So I hope that is helpful. If so, please don’t forget to like the video and subscribe to the channel.
More questions about penetration testing services?
Also, if you want to know which penetration testing companies your organization should be quoting, again, reach out to me, email me, give me a call (714.593.0011). I’m happy to help. I’d love to talk about this stuff.
I know all of the vendors in the marketplace. I’m a broker for all the major service providers for cybersecurity services, for VoIP services, SD-WAN, all kinds of different stuff. So reach out to me, I’d love to ask you a few questions about your organization, and based on that information, I will tell you the small handful of vendors your company should be quoting and why, and also introduce you to the right people. And it’s absolutely free to you. It doesn’t cost you anything to get my opinion on that stuff.
So no excuse not to reach out, I’m happy to help, and I will catch you on the next video.
Related Content
Penetration Testing Services Comparison: What should your report look like?
When you're comparing penetration testing services for your organization, what should the final report […]
Penetration Test vs. Vulnerability Scan: What is the difference?
What is the difference between a penetration test and vulnerability scan, for cybersecurity?
In the […]
Penetration Testing Services Comparison: What is Physical Security pen testing methodology?
What is physical security penetration testing methodology?
In the video below, Mike continues his video […]
Penetration Testing Services Comparison: What is Social Engineering Pen Testing Methodology?
What is "social engineering" penetration testing methodology?
In his latest video, Mike continues his […]
Penetration Testing Services Comparison: What is an External Pen Test?
What is an external pen test?
In the video below, Mike continues his video series on penetration testing […]
Penetration Testing Services Comparison: Gray Box
When comparing penetration testing services, it's important to understand gray box testing, and how it's […]