Internal Network Penetration Testing

An Internal Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed. An Internal Penetration Test mimics the actions of an actual attacker exploiting weaknesses in network security without the usual dangers. This test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organization to address each weakness.

​

Solid Security Services and Compliances' Internal Penetration Test follows documented security testing methodologies which can include:

​​

·      Internal Network Scanning

·      Port Scanning

·      System Fingerprinting

·      Services Probing

·      Exploit Research

·      Manual Vulnerability Testing and Verification

·      Manual Configuration Weakness Testing and Verification

·      Limited Application Layer Testing

·      Firewall and ACL Testing

·      Administrator Privileges Escalation Testing

·      Password Strength Testing

·      Network Equipment Security Controls Testing

·      Database Security Controls Testing

·      Internal Network Scan for Known Trojans

·      Third-Party/Vendor Security Configuration Testing

​

Solid Security and Compliances' Internal Penetration Test also includes access to the SSAs' advisory team to aid in remediation of found issues.

 

The report generated as the output of this work is designed for both executive/board level and technical staff.

​

Why should we perform an Internal Penetration Test?

​

Internal Penetration testing allows organizations to test, if an attacker had the equivalent of internal access how they may they may have access to perform unauthorized data disclosure, misuse, alteration or destruction of confidential information, including Non-Public Personal Information (NPPI).

​

The internal network, (file servers, workstations, etc.), of the organization is exposed to threats such as external intruders, after breaching perimeter defences, or malicious insiders attempting to access or damage sensitive information or IT resources.  Therefore organizations are encouraged to test the internal network at least as frequently as they do the external perimeter.

​

Best Practice recommends that each organization perform an Internal Penetration Test as part of their regular Security Program in order to ensure the security of their internal network defences.