Internal Network Penetration Testing
Benefits of an internal network penetration test
- Set a goal
Use scenarios to test your internal network to see if attaining that goal is feasible. This could be gaining access to financial data or gauging the amount of unauthorized access a contractor has to resources on a network.
- Identify inconsistent patching issues
Identifies patching inconsistencies that could be taken advantage of to gain direct access to the hosts. Typically, patching issues are discovered on hosts on the network that were forgotten about or not authorized to be placed on the network.
- Host misconfiguration
Information could be leaked or direct access gained by exploiting vulnerabilities or guessing passwords to administrative accounts as a result of insecurely configured servers and networking equipment.
- Network segregation
The separation of virtual networks can be tested to assess the effectiveness of any measures that have been taken to segregate sensitive systems from day-to-day systems.
- Create an attack chain
Learn how the vulnerabilities that have been discovered can be combined to create attack scenarios that could be used to fully breach your information and understand how a defense in-depth approach will be effective.
Our approach to internal network penetration testing
Internal networks can be vast and complex. Our dynamic approach aims to find the hosts and then vulnerabilities that arise, from patching issues to misconfigurations.
We use a combination of manual and automated penetration testing techniques to identify vulnerabilities thoroughly and efficiently using commercial and open-source tools.
There are a number of approaches that we use to exploit vulnerable targets including:
- Attempting default user accounts and passwords
- Assessing networking equipment
- Re-using passwords
- exploiting default settings
- Identifying vulnerabilities within the underlying operating system
- Exploiting out-of-date software
- Testing the configuration of the Active Directory environment
- Escalating privileges within the environment to increase access
Flexible penetration testing - we adapt to you
We offer both remote and onsite network penetration testing, so you can decide what’s best for you. Our popular remote service means that we do not have to travel to attend your offices, instead, you can easily communicate with our attentive testers through Informer’s platform.
Frequently asked questions
How safe is my network while you're testing?
Inevitably, there’s always a level of risk to any security test, but we are meticulous about the tests that we run.
Do you need to attend our office?
You have the choice - we can either do onsite testing or test remotely, which is popular - saving on travel expenses and time.
How does this type of testing satisfy ISO27001 requirements?
Can you work out of hours?
We can work out of hours for an additional charge. If part of your infrastructure is in a time zone that is in our normal working business hours, you won’t be charged.
Do you offer a retest?
We offer a retest if you were to use our remote internal penetration testing offering.