A penetration test is the key stage in understanding security vulnerabilities and risks of your computing networks, applications and infrastructure. It is conducted in the form of malicious attack simulation both off-site (testing the external network and software vulnerabilities), and on-site - perceiving an authorized user to circumvent controls.
During the external penetration testing typically a machine outside the firewall is utilized. Initial investigation allows the engineers to research access structures and determine what might be possible from the external network, how to work through the firewall, what can be seen, what services are running, what can be accessed that will provide initial information on vulnerabilities that may exist. In addition to providing an initial set of findings, information gathered here will be used later during on-site testing of the logical controls.
On-site testing is focused on authorized user's (with basic userID and password) opportunities. Testers will draw on information gleaned in eyes-shut testing, as well as determine what tasks / activities it can break out of to move through the firewall into the network. JANUS will attempt to guess passwords and circumvent controls as it moves about the network and documents what it is allowed to access.
External Penetration Test
Internal Penetration Test