Re: External Penetration Question

[krymson () gmail com]

There are a couple of things to say about this.

1) Do you host your corporate web site on the Internet? This would be publicly accessible and thus part of an external 
pen-test. In addition, if you manage a lot of your own infrastructure, that would also be valid (DNS, mail servers).

2) The firewall itself, by its own nature, has to be accessible from the outside world for you to get Internet access. 
Therefore, the firewall itself can be tested for misconfigurations, default accounts, etc. Besides, you never know if 
an admin poked a hole for himself to get to his computer from home, and never fixed that up...

3) Lastly, what if you did have some web servers or a misconfiguration? I could poke at your web servers for a hole. If 
I find one, your NAT'd IP space means nothing now. Once I get control of one system inside your network, I can use its 
network context for further attacks.

Think of it like one enemy attacker getting inside your walls and holing up inside a building that you thought was 
safe. He can scout and move into other buildings at will, using your own streets and streetlamps, your internal network 
and IP space.

Does that help a bit?

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------