Internal Penetration Testing

Penetration Testing: Internal Infrastructure

Minatio's Internal Network Security Penetration Test uses a risk-based approach to manually identify critical infrastructure vulnerabilities on targeted, in-scope internal systems.

The primary goals of this assessment are to:

  • Create a basis for future decisions regarding your resource allocation and information security strategy.
  • Provide details and recommendations to facilitate a cost-effective, targeted mitigation approach.
  • Provide management with an understanding of the level of risk from malicious users connected to the internal network.

Why perform an Internal Network Security Assessment?

  • To identify and validate all security vulnerabilities associated with the most critical internal systems.
  • To execute a real-world attack on critical infrastructure and understand the level of risk that exists at a single moment in time.
  • To understand the level of risk for your organization compared to similar companies.
  • To ensure your critical data and systems are secure from an internal attack.
  • To satisfy specific regulatory requirements, such as PCI DSS 11.3.1, by performing these assessments within this scope on a regular basis.

Minatio Internal Penetration Testing Process

Scope: Penetration Testing: Internal Infrastructure
Minatio’s internal penetration testing validates that access to your systems is restricted to internal security domains. Minatio will customize the scope of the assessment based on your specific requirements.

Vulnerabilities validated are often associated with the following three categories:

  • Network-layer password weaknesses
  • Software flaws
  • System configuration settings

The devices tested include those associated with the target environment, such as:

  • Email and DNS services
  • Other servers
  • Firewalls
  • Routers and Switches

Disruption to operations will be minimized.

Methodology: Penetration Testing: Internal Infrastructure

The assessment begins with network reconnaissance, followed by a process of data collection to learn as much as possible about the internal network topology and its hosts. Next, in the enumeration phase, each component of the network is analyzed to extract details about its service types, operating systems, configuration parameters and supported protocols. A number of paths exist from this point to system or data compromise. A successful penetration test results in identifying a weak password, exploiting known or suspected software vulnerabilities, or manually discovering a configuration flaw in a service. As the penetration testing process progresses through the network, the risk level for issues identified also escalates.