Internal Network Security Assessment and Penetration Test
The internal network security assessment, which is also called an internal “penetration test” or internal “ethical hacking,” is a process that simulates an insider threat: either a malicious employee or an attacker who has gained illegal access to the organization’s internal perimeter. Malicious insiders pose a greater threat than external attackers, and as such, ensuring the internal security of the organization should be taken seriously.
The internal penetration test shows how a malicious insider can compromise the internal network and computer systems and gain privileged access to confidential and sensitive information. The test is conducted by one or more qualified information security professionals, working from within the internal perimeter of the client’s network.
The internal network security assessment typically involves the following tests:
- Traffic eavesdropping and hijacking
- Attempts to gather confidential information, such as emails or documents
- Attempts to obtain administrative and users’ passwords
- Attempts to exploit internal SQL and Web servers
- Attempts to exploit the internal email servers
- Attempts to exploit the internal FTP and SSH servers
- Assessing the wireless network security
Our final report includes an executive section, a non-technical summary of the security issues suitable for managers and executives, and a technical section with detailed descriptions and recommendations suitable for IT administrators and engineers. Along with the report, our clients get a face-to-face meeting with our security professionals, who brief them on the report and help explain any difficult points.
Conducting regular penetration tests – annually, biannually, or quarterly – is a prerequisite for any organization wishing to become ISO certified in information security or be in compliance with the PCI DSS regulation.