Internal Penetration Testing
Assessment of WiFi networks is closely related to the internal vulnerability assessment described earlier, as WiFi networks are directly connected to the local area network (LAN). However, they have a much greater signal coverage than the physical area of the office itself. If a hacker ever successfully gained access to the WiFi network, he would have the same set of rights as a registered internal company user does. He would then have the chance to implement transparent data mining, elevate his level of privilege, or carry on with taking over any of the devices found on the corporate network without anyone ever noticing.
An internal vulnerability assessment takes place locally at the customer’s office with a direct physical link to the LAN, or through a secure VPN connection. Software functions and services are then picked up and examined to see if they can be exposed, and if so, which roles are affected (e.g. a guest account or an average employee).