Internal penetration testing is designed to mimic the risks that are associated with an attacked once they have penetrated the defenses you have in place for your network.
At TECEZE, we carry out thorough and laborious, end-to-end testing that helps us to identify any potential risks and then prevent internal attacks through the correct security.
What does the service consist of?
As soon as our experts set up on site, they will connect to your network using their laptops, then they will begin their testing. Any issues that are identified can be broken down into three categories.
This is a big problem because it is common for many boxes orapplications to be overlooked.
Both users and systems are commonly linked to passwords that are weak and easily guessed.
Often, build standards and policies are not strong enough and this means that unnecessary applications or access are allowed.
A hacker could take advantage of these and that would give them access to a host where privileges can be escalated or access may be given. Each test will involve a different method and that is determined by the network, the organisation, and the environment.
Prior to testing, testers are expected to read the scope and fully understand it. Before they get to work, any of the systems that are ruled out of scope should be null routed or any access should be prohibited. It is common for meetings to take place before the testing commences and this is to give the client reassurance and to go through the works that will be undertaken. This ensures that the tests run smoothly and that all hosts remain untouched.
The test begins by undertaking the host discovery phase and this then makes it possible to map the whole network as well as identify any targets that could be attacked during the latter stages of the process. Hosts that can be attacked can also be provided by the client as well as all network maps. This can then be used as a tool to make the discovery process faster but it is also useful should the client have specific hosts that they want to target. However, this documents is not always helpful as it can restrict the test, lowering the quality with regards to completeness and so, it should not be relied upon. Following this, the port scanning stage targets those systems that were identified in the previous stage. Therefore, each service on a host that is available externally will be assigned a port. By numbering the ports, it makes it possible to identify services that are likely to be targets of an attack such as Telnet, SSH and SMB services.
Following this step is vulnerability scanning. The aim of this stage is to identify any obvious attack vendors and services that are vulnerable. Further investigations are carried out as well as manual testing of all the identified issues and hosts that were identified in the previous steps. The goal of this is to exploit one or more issues manually or through the use of an exploit framework such as Metasploit. If done manually, it will involve brute force, default passwords or exploits that are not widely known.