Penetration Testing
$750-1500 USD
Płatność przy odbiorze
We have drafted up two scenarios as to what we might want to do down the line for a Pen Test.
What I would like to see is, at a high level, your approach to the following might be. The types of things I would be interested in is the lead time consultancy to put the review plan in place, time to execute the plan, time to report on the overall exercise.
I would also like to get a feel for how this review would be conducted
Scenario 1 – Internet Facing:
Three tier environment: DMZ (Presentation), Secure Zone (Business Logic), Internal Network (Data)
Zone 1 (DMZ): 2 Windows 2003 RC2 servers with IIS 7 clustered across two physical data centres.
Zone 2 (Secure Zone): 2 Windows 2003 RC2 servers running as .Net application servers clustered across two physical data centres.
Zone 3 (Internal Network): 2 Windows 2003 RC2 server running SQL Server or a Web Service from .Net.
Each zone is fire walled front and back.
Scenario 2 – Accessed by a SSL VPN:
Two tier environment: Secure Zone (Presentation), Internal Network (Business Logic & Data)
Zone 1 (Secure Zone): 2 Windows 2003 RC2 servers running as IIS7 clustered across two physical data centres.
Zone 3 (Internal Network): 2 Windows 2003 RC2 server running .Net Application servers and SQL Server – may also have a Web Service.
Each zone is fire walled front and back, the SSL VPN appliance sits outside a firewall.
Numer ID Projektu: #384247