Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Latest announcements
© Copyright Sense of Security
 
Keeping safe from the inside with an

Internal Network Penetration Test

Historically, organisations have focused all their attention on protecting their business at the perimeter. They have made significant investments in firewalls, intrusion prevention systems, web application firewalls and a myriad of other gateway solutions.

However, the way conduct business and consume products has changed the environment in which we work. There really isn’t a perimeter anymore – thanks to the ubiquity of mobile devices, social networking, wireless networking, and cloud computing. Our data is everywhere, and its accessible.

What can happen inside?

While attacks may originate from external sources, an unsuspecting party that clicks on a link or executes malicious code can be easily compromised and used as a pivot point to attack other systems or data in the internal network.

A successful external attack can quickly become a broader internal attack.

The internal network penetration test (INPT) creates a replication of an inside attack, whether it be a spiteful employee or an outside attacker that has gained internal access criminally.

SOS Internal Network Penetration Test

An Internal Network Penetration Test shows how an insider can infiltrate the internal network and computer system and gain access to classified information.

This test is very similar to the external penetration test; however, the main difference is that the attacker either has approved access or is starting from the inside.

Test Scenarios include:

  • Information Gathering
  • Reconnaissance
  • Port Scanning
  • Enumeration
  • Vulnerability Scan
  • Vulnerability Analysis
  • Reporting

Areas of concern:

  • Weak system configuration management and hardening which facilitates compromise and lateral movement through the network,

  • Outdated or End-of-Life (EOL) operating systems and application versions which allows unauthorised access to the systems and data;
  • Inadequate user account/password/privilege management which results in weak passwords leading to unauthorised access and privilege escalation,
  • Lack of network segmentation and outbound access control that facilitates attack or data exfiltration, Limited protection against network level Man-In-The-Middle or Denial of Service attacks;
  • Anti-virus deployment and configuration issues, insufficient security event auditing/logging, and legacy physical security controls that are susceptible to attack.
  • Human error, a disgruntled former employee, or a deliberate internal threat actor can cause irreparable damage to a company or institution. An in-depth internal and external security approach is a must for information security.

Sense of Security experience and expertise ensures cyber resilience at every level through our penetration tests.

Speak to one of our trusted experts on
1300 922 923 or make an enquiry today.