Specifications include, but are not limited to: 1. The penetration testing shall provide a practical approximation of the weak points in Sandoval County's network infrastructure and selected applications, describing the risks of such vulnerabilities, and facilitating a plan for implementing remediation. 2. External Network Vulnerability Assessment and Penetration Testing. Conduct an External Network Penetration Test on 30 live external IPs. This test should be comprised of a series of assessments that should include the following example tasks, among others: Information gathering: Identify live hosts, operating systems, services provided, access control mechanisms, access servers, and any exposed interactions between systems. Generic vulnerability testing: Determine the presence of known vulnerabilities and document how they could be exploited. This includes vulnerabilities related to legitimately provided services such as HTTP, HTTPS, DNS, SMTP mail exchangers, Remote Access, and etc. Network characteristics and topology tests: Determine the presence and exploit vulnerabilities related to network topology, network components configuration, design principles, and protocol-specific characteristics. These include tests that consider spoofing techniques, protocol-specific tests such as usage of IP options, fragmentation, exploit of trust relationships, protocol encapsulation, routing tricks, design and implementation flaws in several network protocols and related services, etc.
