Network penetration tests are used to identify security weaknesses within the networks (both internal networks and external networks). This includes testing for correct network segmentation and appropriate security boundaries.
Malicious hackers can take advantage of vulnerabilities in network security to compromise the whole infrastructure and thus gain control over all nodes within the network.
Network penetration tests usually take place after a successful compromise of an entry point. An example is the compromise of a Web Application, which leads to full control over the underlying operating system, thus gaining access to the internal network. Another example is to give an ethical hacker VPN access to the internal network.
By testing the internal network infrastructure steps are taken to provide an additional security layer for the organization, meaning a compromise of a single host might not result in a complete compromise of the whole organization. The ethical hacker will actively target hosts in the internal network to provide assurance of best practices in regards to the network configuration. In general, there is no time limit for a network penetration test.
The duration for a successful test is depended on the size of the network itself and services running on these hosts, as well as the size and skill of the testing security team.
If you like this blog post, find more content in our Glossary.