Penetration Testing

We have drafted up two scenarios as to what we might want to do down the line for a Pen Test.

What I would like to see is, at a high level, your approach to the following might be. The types of things I would be interested in is the lead time consultancy to put the review plan in place, time to execute the plan, time to report on the overall exercise.

I would also like to get a feel for how this review would be conducted

Scenario 1 – Internet Facing:

Three tier environment: DMZ (Presentation), Secure Zone (Business Logic), Internal Network (Data)

Zone 1 (DMZ): 2 Windows 2003 RC2 servers with IIS 7 clustered across two physical data centres.

Zone 2 (Secure Zone): 2 Windows 2003 RC2 servers running as .Net application servers clustered across two physical data centres.

Zone 3 (Internal Network): 2 Windows 2003 RC2 server running SQL Server or a Web Service from .Net.

Each zone is fire walled front and back.

Scenario 2 – Accessed by a SSL VPN:

Two tier environment: Secure Zone (Presentation), Internal Network (Business Logic & Data)

Zone 1 (Secure Zone): 2 Windows 2003 RC2 servers running as IIS7 clustered across two physical data centres.

Zone 3 (Internal Network): 2 Windows 2003 RC2 server running .Net Application servers and SQL Server – may also have a Web Service.

Each zone is fire walled front and back, the SSL VPN appliance sits outside a firewall.

Numer ID Projektu: #384247

O projekcie