What is infrastructure testing for?
First of all, it depends on which infrastructure is being tested — internal or external.
External infrastructure is an organization’s resources accessible from the Internet: websites, servers, and even end devices that can be accessed from the outside. The most common service for assessing it is penetration testing.
Let’s say the company Example Ltd. has a website, example.com. It approaches a penetration testing provider with a request to check its external perimeter. To do this, the company either provides a specific list of resources (for example, IP addresses and domain names) or asks the testers to compile the list themselves.
Internal infrastructure consists of resources available only within the corporate network: printers, network drives, the Active Directory domain controller, administration panels of automated control systems, databases, employee workstations, and so on.
For internal infrastructure, a security analysis is carried out more often.
This is convenient for the Blue Team: they can capture network traffic, sample requests, and collect data for cyber incident detection and response systems.
Other types of testing are carried out by companies with a fairly mature level of information security, for example large factories or telecom providers. For them there is no other way: too many risks are associated with data leakage. These are rather lengthy processes, lasting from three months to several years.
Regardless of the type of testing and of which team they belong to, information security specialists are better off staying in touch at all times, for example by creating a shared chat and exchanging knowledge. In practice, though, it often turns into a chat for one team’s complaints against the other.
It is desirable to have an arbitrator in the form of a customer representative, the so-called Purple Team, which ensures effective interaction between the “red” and “blue” teams.