Internal Network Penetration Testing

COVID-19: remote delivery options

We want to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. We have adjusted our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. For more information, please refer to our COVID-19 policy.

What is an internal network penetration test?

An internal, or internal infrastructure, penetration test assesses what an insider attack could accomplish. An insider refers to anyone that has access to organisational applications, systems and data. This can include employees, contractors or partners.

The target is typically the same as external penetration testing, but the major differentiator is the attacker either has some sort of authorised access or is starting from a point within the internal network.

Internal network test generally:

  • Tests from the perspective of both an authenticated and non-authenticated user to assess potential exploits;
  • Assesses the vulnerabilities that exist for systems that are accessible to authorised login IDs and that reside within the network; and
  • Checks for misconfigurations that would allow employees to access information and inadvertently leak it online.

Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the network owner’s budget and risk appetite, inducing a proportionate response to cyber risks.

Speak to an expert

For more information on how our CREST-accredited penetration testing services can help safeguard your organisation, call us now on
+353 (0) 1695 0411, or request a call back using the form below

Get in touch

Did you know?

  • 98% of internal assessments found personal customer information publicly accessible on the web — a 20% jump from 2018.
  • 100% of assessments found sensitive corporate data begin transferred via unsanctioned cloud, file-sharing apps or unencryted USBs.
  • 73% of organisations confirm insider attacks are becoming more frequant.

Insider Threat Intelligence Report, Dtex Systems (2019)

Insider threats are among the most difficult for enterprises to detect and stop. One of the main reasons for this is the sheer scope for attacks. It include everything from staff accidentally losing or damaging data, to malicious actors stealing information or compromising systems.

Internal users often bypass physical controls designed to protect computer resources. For most organisations, this means the internal network is where they are most vulnerable.

Benefits of an internal network penetration test

Our penetration tests will help you:

  • Gain real-world insight into your vulnerabilities;
  • Identify what information a rogue employee could exploit;
  • Determine whether partner organisations access more internal resources than you intended;
  • Identify any patches that need to be installed;
  • Harden your access controls; and
  • Enable encryption or choose a more secure protocol.

Is an internal network penetration test right for you?

If you are responsible for your internal network, you should ask yourself:

  • Are your workstations and devices secure?
  • Is there a risk to your network from weak/default passwords?
  • Can someone on the inside gain access to the entire internal network?
  • Do you suffer from information leakage?
  • Have you assessed your intranet application for vulnerabilities?
  • Are your systems adequately patched?
  • Is your third-party access robust?

Our engagement process

Our CREST-accredited penetration testers follow an established methodology based primarily upon the Open Source Security Testing Methodology Manual (OSSTMM). This approach emulates attackers’ techniques using many of the same readily available tools.

  1. Scoping - Before a test, our account management team will discuss the requirements for your network/infrastructure assessment to define the scope of the test.
  2. Reconnaissance - IT Governance will enumerate your network assets and identify any holes in your systems where malicious actors could break in.
  3. Assessment - Using the information identified in the reconnaissance phase, we test the identified hosts for potential vulnerabilities. 
  4. Reporting - The results will be thoroughly analysed by an IT Governance certified tester. A full report will be prepared that sets out the scope of the test and the methodology used along with the risks identified. This will provide your organisation with the ability to produce an accurate threat and risk assessment.
  5. Re-test - We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all the issues have been successfully resolved.

How IT Governance can help you 

CREST-accredited

CREST-accredited penetration testing services give you all the technical assurance you need.

Choose your test

You can choose the level of penetration test to meet your budget and technical requirements.

Straightforward packages

We are pioneers in offering easy-to-understand and quick-to-buy penetration testing.

Reports you can understand

We provide clear reports that can be followed by engineering and management teams alike.

Our penetration tests comply with the Microsoft Rules of Engagement

For Azure clients, this means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or your infrastructure.

Companies using our penetration testing services

top
This website uses cookies. View our cookie policy
GET THE LATEST SCOOP