To understand some of the best practices that we can employ when pen testing our network, we'll look at a case study. The following is a case study that John (a made-up character for our case study) performed on one of the leading medical organizations in the United States.
Case study
The organization has most of its services running on a single web server that was behind an IPS with a few other network services installed separately. The separate services included a mail server, the on-site employees' (system and network administrators) workstations, and a few other machines. They commissioned John to carry out the pen testing exercise to provide an analysis of how much their systems are at risk. The wanted to know whether, in the case of an attack, the breach can be extended and the different ways the system can be breached.
John was told that he had to carry...