Internal Penetration Testing

We recommend an internal network security assessment to all our clients who have sensitive information stored on their intranet or internal network and prefer not to have it accessed by employees without the proper roles or authorization.
Statistics show that the most devastating attacks are partly or completely committed by the company’s own dissatisfied or angry employees, as they try to push an advantage that they believe to be rightful or just. Their intention is not necessarily to cause actual damage to company value. Curiosity often serves as a great motivation as well – accessing sensitive information that should normally remain undisclosed holds out the promise of knowledge and power.

Assessment of WiFi networks is closely related to the internal vulnerability assessment described earlier, as WiFi networks are directly connected to the local area network (LAN). However, their signal coverage is much greater than the physical area of the office itself. If a hacker ever successfully gained access to the WiFi network, he would have the same set of rights as a registered internal company user. He would then have the chance to carry out transparent data mining, elevate his level of privilege, or go on to take over any of the devices found on the corporate network without anyone ever noticing.

An internal vulnerability assessment takes place locally at the customer’s office with a direct physical link to the LAN, or through a secure VPN connection. Software functions and services are then identified and examined to see whether they can be exposed, and if so, which roles are affected (e.g. a guest account or an average employee).