Specifications include, but are not limited to: 2.1 Internal Penetration Testing • Assess the effectiveness of existing security controls such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security measures, and others. • Enumerate and assess the security posture of the of the internal network environment, simulating attacks in a controlled manner. • The internal environment consists of approximately 300 servers and endpoints of varying operating systems. 2.2 External Penetration Testing • Evaluate the strength of external-facing assets and security devices such as firewalls, web servers, load balancers, and SFTP servers. • Enumerate and assess the security posture of the entirety of all public-facing IP addresses, servers, and services – simulating attacks in a controlled manner. • The external IP range consists of about 110 addresses.
