Firewall Ruleset Review
Part of establishing good network segmentation is the ability to review your internal and external firewalls and to build your program around sound maintenance of your firewall rules. Many companies fail to evaluate their firewalls and become victims of cyber-attacks. If you are properly segmented but have not dealt properly with your firewalls, you will inevitably end up with a breach. Setting correct parameters, policies and procedures for your firewall infrastructure is critical to your business processes and to your organization as a whole.
In a black box test, the pen tester has no knowledge of the environment and, working from the outside, tries to find a way into the target system as an outside attacker would.
Black box tests are most often used on showcase sites (with no member area) because no additional information would be required for the hacker to go further and perform an attack.
Black box tests therefore assess the risks and the kind of information the hacker would be able to obtain, and thus highlight the risks incurred in the case of an attack.