Network Penetration Test aims to identify vulnerabilities and risks in the network which may impact the Confidentiality, Integrity, and Availability (CIA) triad of data by simulating a real-world attack.
It is conducted on external or public facing network to identify vulnerabilities that are visible to outsiders at large. It is done from any remote location over the internet without any explicit access permissions to the organizations network.
It is conducted on the internal network to identify vulnerabilities that are visible to potential insiders, contractors, partners with malicious intent. It is done at the vicinity of organizations network with access permissions given to the attacker to show what risk is posed to information systems by organizations employees, contractors and guests.