Ok, I'm not real sure where this post should go, so for now I'm just going to drop it into the MS Security forum until someone points me to a better forum (I didn't think this really belonged in the newbie security forum and I don't see a real home for this type of question).

So here is the deal. My company has recently tasked me to do formal penetration testing of our network (both internal and external). I have never done this on a formal basis and was wondering if any of you had before. I'm looking for methodology, white papers and tool suggestions for this. I have done some googling on it but what I mostly find is companies that provide this service for a fee, and unfortunately my company is being rather tight-fisted at the moment and they don't want to pay someone from outside to do this.

I do have some of my own tools, but most of my time has been spent in the firewall world and some bit in IDS technologies. I have used, to a certain degree, stuff like Netcat, Retina, etc. to scan and footprint, but I don't know if this is enough for them or not. They seem to want true penetration testing, and I have tried to explain to them I'm not really the guy they want for this and that they should hire someone from outside that does this for a living, but like I said they are fairly tight-fisted about this whole thing and want to do it "in house" for some reason.

So, does anyone here have suggestions, comments, ideas, etc? TIA