Whitelisting for External Penetration Testing Services

This information is intended for clients who are receiving an External Penetration Testing service. If you are unsure whether this information applies to your organization, please consult with your Customer Success Manager.

Why should I whitelist?

During the defined testing period, the analyst must rapidly scan and test discovered services, which may cause an IPS to temporarily block or permanently blacklist the analyst's source IP address(es). This can limit the ability to test services that may otherwise be available, and consequently limit the ability to identify vulnerabilities on those services. Because of this, TraceSecurity recommends conducting external penetration tests with the testing source IP addresses whitelisted in any deployed intrusion prevention systems. This allows the analyst to simulate the evasion tactics that might be available to a real-world attacker, providing a means to generate the most complete and accurate assessment possible.

How do I whitelist?

The intrusion detection system/intrusion prevention system (IDS/IPS) management team will need to allow ping sweeps and port scans from the designated source IP addresses listed below. The IDS/IPS management team SHOULD NOT allow access to any otherwise filtered ports on any supporting firewall. The purpose of the whitelisting will be limited to preventing the source IP addresses from being completely blocked for breaking any IDS/IPS behavior rules such as ping sweeps or port scans.

The analyst IP addresses used for manual external testing are as follows:

174.69.226.251
174.69.226.254