For customers· 4 min read

Network Penetration Testing: What Should Be Tested and How

Network security assessment guide. Learn what network penetration testing covers and how to evaluate network security providers.

A network penetration test reveals what attackers already know about your systems—the gaps, weak credentials, and misconfigurations they'd exploit for entry. Unlike a vulnerability scan that generates a list of CVEs, a real pen test actively attempts to breach your network and extract data. Understanding what gets tested and how ensures you're hiring someone who'll actually strengthen your defenses rather than just running automated tools.

What Gets Tested in a Network Penetration Test

Network pen testing covers the entire attack surface visible from outside and inside your infrastructure. Testers probe firewalls, routers, switches, and wireless networks for weak configurations. They target internet-facing applications, VPNs, email servers, and remote access points—anywhere an attacker might gain initial entry.

Internal testing is equally critical. Once inside, testers simulate lateral movement across your network, testing segmentation, access controls, and privilege escalation paths. They'll attempt to move from a compromised workstation to sensitive systems like domain controllers or databases. This reveals whether your network assumes internal threats are handled or relies entirely on perimeter defense.

Testing Scope and Boundaries

Before hiring a penetration tester, define exactly what's in scope. A typical engagement includes:

  • External testing: Public-facing servers, web applications, DNS configurations, email systems
  • Internal testing: Workstations, servers, network devices, wireless networks
  • Application testing: Authentication mechanisms, input validation, API endpoints
  • Physical security: Badge access, server room locks, facility perimeter (if applicable)
  • Social engineering: Phishing campaigns, pretexting calls, physical infiltration attempts

Your tester should exclude specific systems or networks to prevent disruption—SCADA systems, production databases during peak hours, or third-party SaaS platforms you don't own. Clearly documented scope prevents scope creep, prevents surprise downtime, and keeps costs predictable. Most vendors charge $3,000–$8,000 for small networks and $15,000–$50,000+ for enterprise environments.

How Penetration Testing Actually Works

A real engagement follows a structured methodology, typically resembling NIST or OWASP frameworks. Here's what happens:

Reconnaissance and scanning comes first. Testers gather intelligence on your public presence—domain registrations, job postings, social media leaks, DNS records. They scan for open ports, running services, and software versions without attempting unauthorized access. This phase usually takes 1–2 weeks.

Exploitation follows. Using discovered vulnerabilities, testers attempt actual compromise. They'll try common default credentials, SQL injection, buffer overflows, phishing, or firmware exploits. Success means they've proven a real attack path exists, not just a theoretical vulnerability.

Post-exploitation tests whether a foothold can become full compromise. Testers attempt lateral movement, privilege escalation, and data exfiltration. Can they access customer databases? Modify firewall rules? Install persistence mechanisms? These questions reveal your actual security posture.

Reporting is critical. Good reports don't just list vulnerabilities—they explain business impact, exploitation difficulty (CVSS scores), and step-by-step remediation. A $20,000 test with a vague report wastes money. Expect detailed documentation of every successful attack, screenshots, proof of concept code, and prioritized remediation guidance.

Timeline and Testing Frequency

A typical network penetration test takes 2–4 weeks for small networks and 4–8 weeks for enterprise environments. Timeline depends on network size, complexity, and whether social engineering or physical testing is included. Expect that intensive testing may briefly impact network performance or cause service interruptions during active exploitation phases.

Test at least annually, or whenever significant infrastructure changes occur (new cloud adoption, major application deployments, office expansions). After remediation, request a follow-up test to verify fixes actually work—many teams patch the wrong things or miss the underlying issue.

Choosing the Right Tester

Look for testers with certifications like OSCP, CEH, or GPEN, but verify they have real-world experience with your industry. A healthcare provider's pen tester should understand HIPAA implications. A financial services tester should know PCI-DSS requirements.

Request references and previous reports (redacted for privacy). Compare proposals on Mercoly to see how different providers structure their engagement, pricing, and deliverables side-by-side.

Avoid testers who guarantee no findings—either your network is unrealistically secure or they're not testing properly.

Frequently Asked Questions

Q: What's the difference between a vulnerability scan and a penetration test? A vulnerability scan runs automated tools to detect known CVEs and misconfigurations but doesn't attempt exploitation. A penetration test actively exploits vulnerabilities to prove real impact and chains multiple findings to simulate an actual attack.

Q: How much should a network penetration test cost? Pricing ranges from $3,000–$8,000 for small networks (under 50 hosts), $10,000–$25,000 for mid-market (50–500 hosts), and $25,000–$100,000+ for enterprise environments, depending on scope complexity and testing duration.

Q: Can we do penetration testing without taking systems offline? Yes, most testing occurs without intentional downtime, though active exploitation may briefly impact performance. Agree with your tester on quiet hours and which systems require testing windows outside business hours to minimize disruption.

Find trusted penetration testing providers in your area on Mercoly to compare credentials, pricing, and past client reviews before booking.

Looking for Penetration Testing & Vulnerability Assessment?

Compare trusted Penetration Testing & Vulnerability Assessment providers on Mercoly — browse profiles, products, and services and reach out in one place.

Related articles

More in IT Services & Managed Support · Penetration Testing & Vulnerability Assessment