Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Keeping safe from the inside with an Internal Network Penetration Test

Historically, organisations have focused all their attention on protecting their business at the perimeter. They have made significant investments in firewalls, intrusion prevention systems, web application firewalls and a myriad of other gateway solutions.

However, the way we conduct business and consume products has changed the environment in which we work. There really isn’t a perimeter anymore, thanks to the ubiquity of mobile devices, social networking, wireless networking, and cloud computing. Our data is everywhere, and it’s accessible.

What can happen inside?

While attacks may originate from external sources, an unsuspecting party that clicks on a link or executes malicious code can be easily compromised and used as a pivot point to attack other systems or data in the internal network.

A successful external attack can quickly become a broader internal attack.

The internal network penetration test (INPT) replicates an inside attack, whether by a spiteful employee or by an outside attacker who has gained internal access criminally.

SOS Internal Network Penetration Test

An Internal Network Penetration Test shows how an insider can infiltrate the internal network and computer system and gain access to classified information.

This test is very similar to the external penetration test; however, the main difference is that the attacker either has approved access or is starting from the inside.

Test Scenarios include:

  • Information Gathering
  • Reconnaissance
  • Port Scanning
  • Enumeration
  • Vulnerability Scan
  • Vulnerability Analysis
  • Reporting

Areas of concern:

  • Weak system configuration management and hardening, which facilitates compromise and lateral movement through the network;
  • Outdated or End-of-Life (EOL) operating systems and application versions, which allow unauthorised access to the systems and data;
  • Inadequate user account/password/privilege management, which results in weak passwords leading to unauthorised access and privilege escalation;
  • Lack of network segmentation and outbound access control, which facilitates attack or data exfiltration;
  • Limited protection against network-level Man-In-The-Middle or Denial of Service attacks;
  • Anti-virus deployment and configuration issues, insufficient security event auditing/logging, and legacy physical security controls that are susceptible to attack.

Human error, a disgruntled former employee, or a deliberate internal threat actor can cause irreparable damage to a company or institution. An in-depth internal and external security approach is a must for information security.

Sense of Security’s experience and expertise ensure cyber resilience at every level through our penetration tests.

Speak to one of our trusted experts on 1300 922 923 or make an enquiry today.