INTERNAL PENETRATION TESTING
Know your unknowns through an internal network penetration test to assess, and quantify the internal infrastructure security vulnerabilities across corporate or production internal networks. It helps you to prepare a risk mitigation approach meant to reduce the attack surface and improve internal security posture – the most critical component of a corporate cyber security strategy.
What is internal network penetration testing?
An internal network penetration test simulates an insider attack on organisational applications, systems and data. This insider could be an employee, contractor or partner who has internal access to the network.
Internal pen testing exercise in other terms establishes the true picture of an organisations’ risk posture. It helps CTOs/CISOs assess cultural practices around information storage, secure hardening, patch management, passwords analysis, active directory group policy, network equipment hardening and many more elements.
This is your assurance exercise to establish a secure and robust infrastructure for your organisation. Amongst various types of security exercises, this one is the best form to prepare against data breaches.
Internal network penetration test methodology
01. Initial Scoping & Objectives
Our internal penetration testers work with you to define the assets in scope covering primary security concerns and any regulatory requirements.
Specific internal pentests defined against certain targets are defined under ‘white box’, ‘black box’ or ‘grey box’ testing methodologies to define internal penetration test cases before starting the assessment.
04. lateral movement & exploitation
Initial access is gained by exploiting weaknesses identified in the previous discovery phase. Privilege escalation attempts and lateral movement actions are carried out to infiltrate and gain proper access into the network(s).
Further internal vulnerabilities are exploited in a safe manner to measure the extent of exploitation, leading up to domain administrator account compromise.
02. reconnaissance & intelligence gathering
Reconnaissance phase works with the single objective – information gathering and analysis to provide relevant information for later stages.
Based on project scope, intelligence gathering is mostly infrastructure related (e.g., network layouts, domains, servers, infrastructure details) unless it is a red team pentesting where personnel are in scope.
05. data analysis & reporting
This includes analysis on the pen test output, evaluation of the risk impact and attack likelihood before providing action plans to remediate the identified risks.
All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels to help the customer security teams.
03. active scanning & vulnerability analysis
Using manual approaches and internal penetration testing tools, our cyber security experts identify security weaknesses through actively scanning, attempst to bypass intrusion detection systems, intrusion prevention systems and prepare an attack layout to target vulnerable systems (security cameras, computer systems, network equipment related to network traffic, enterprise web apps, etc) . It includes identifying open ports using automated scans, services, identifying relevant network interface web application and any exploitable security weaknesses.
06. debrief & support
Our engagement process includes delivering a free of charge debrief to management and technical teams. This session involves helping to prepare a remediation plan based on the identified vulnerabilities and Q&A to ensure that customer contacts are up to date. Cyphere provides a remediation consultancy where we define and execute the risk mitigation plan.
Accreditations & Certifications
Vulnerabilities discovered by our internal penetration testing services
- Active directory vulnerabilities such as group policy security misconfiguration and authentication/authorisation issues
- Insecure logging and monitoring
- Network segmentation
- Patch management
- Password controls
- Insecure information storage practices
- Abusing ACLs/ACEs
- Constrained delegation
- AS-REP Roasting
- Abuse DnsAdmins
- Passwords in AD User comments
- Password Spraying
- Silver Ticket
- Golden Ticket
- Missing SMB Signing
Frequently Asked Questions about Internal network Penetration Testing
Internal and external penetration testing exercises are discussed separately due to the threat profiles associated with Internet-facing (external) and inside environments (internal).
An internal network security test, the same as an internal penetration test, is aimed at the internal network from an insider attacker perspective, i.e. an employee, contractor or partner.
External pen testing is aimed at internet-exposed devices, external IPs and/or systems only simulating a threat actor on the internet (unauthenticated). External penetration test measures your internet-facing assets attack surface (external tests) and will never tell you the real story of your internal security culture.
Internal pen tests and external penetration tests should be performed once annually to check network equipment, perimeter security controls and other database controls. Other asset categories include cloud penetration testing, wireless penetration testing and application and APIs.
Internal penetration tests can be scoped based on the requirements and threats related to the target system or network. For instance, if an organisation has never opted for network-wide assessment and is aiming to improve security, it makes business sense to assess the gaps for the entire estate and perform risk remediation to set internal benchmarks. If an organisation holds maturity in its security processes, targeted assignments are scoped such as network segmentation, specific internal security testing projects. See different types of penetration testing article for more details.
A thorough internal pen testing measures the information security culture at ground level. This includes password security (cracking & analysis), patching audit, group policy security, active directory design and architecture risks, insecure device and web application interfaces, encryption configuration, authentication, authorisation, secure information storage practices and network device hardening. Some prospects confuse this with vulnerability assessment, which is not because internal pen test includes exploitation of weaknesses. See this blog on the difference between the two. Don’t mistake this with red teaming, read a detailed article on this topic here.
Internal pen test in an internal environment involves considering threat scenarios based on the architecture and external threats. For instance, a company’s internal layout could be segmented with corporate, staging, production environments. For a medium-size company, it may be all in one and their production environment may be just a website hosted at a third-party site. Therefore, carrying out black-box penetration tests is justified in this scenario to assess the extent of an attack and it would mimic a complete outsider in your environment.
For the insider attack simulation test, we will ask standard staff privileges and start our internal network assessment from there to figure out various ways with the objective of compromising underlying workstations/laptops and then infiltrating servers and domain controllers.
Where multiple physical sites and network segregations are a challenge remotely, onsite assessment is preferred. With post covid19 measures, we utilise a number of methods (SSL VPN, VM deployment or shipping hardware to client site) to carry out remote penetration testing of internal networks.
Communication plays an important role during security assessments. We explicitly request a list of fragile components during proposal and project initiation meetings. Low-level attacks such as man-in-the-middle attacks, Denial of Service attacks are explicitly deemed out of scope for all assessments. This ensures the client that the pen testing methodology includes careful assessment in line with business assets and not a blind scanning approach.
Cyphere’s internal pen testing reports are world class deliverables containing raw data to support proof of concept and risk remediation measures.
Risk remediation is sometimes a complex process due to the specialist security skill-set needed for IT teams. As part of our aftercare support, we provide help in preparing remediation plans for all our customers.
Optionally, we provide remediation consultancy services with an internal penetration test to ensure all agreed findings are mitigated in line with best network security practices.
Why choose Cyphere as internal penetration testing company?
Benefits of Internal Pentesting
Internal penetration testing is a process where penetration testers attempt ethical hacking techniques to compromise their customer networks. This process involves manual testing to simulate an internal user or malicious insider threat and identify weaknesses in information security program. Pen tests help organisations find vulnerabilities that could be exploited by malicious insiders before they have a chance to do real damage.
Internal penetration testing can help find security gaps or security flaws and assess the accuracy of your security controls picture by simulating real-world cyber attacks against your systems. Pen tests can also help identify any gaps or deficiencies in your security posture, and can help you prioritise remediation efforts. By using internal pen testers who have extensive knowledge of your organisation’s systems and networks, you can get the most accurate and realistic assessment of your security controls.
Internal pen testing ensures stress testing of access controls, and opportunities to exploit vulnerabilities, simulating many elements of a cyber attack utilising various attack vectors. Internal pen testing determines in-depth third party access to resources by simulating an attack from a malicious outsider. This type of testing is used to identify vulnerabilities that could be exploited by a cybercriminal in order to gain access to sensitive data or systems.
An internal network assessment assesses a company’s security posture and looks for any vulnerabilities that could be exploited by malicious actors. By identifying these vulnerabilities, the organisation can mitigate the risk of a data breach or other security incident. Pen testers or ethical hackers may use various methods to identify strategic issues, including scanning networks.
IP Addresses and systems for open ports and vulnerable applications, exploiting known vulnerabilities, but not using social engineering techniques (it’s part of red teaming or explicitly agreed on scopes).
An internal penetration test is a great way to demonstrate your organisation’s commitment to cybersecurity. Pen tests are also a valuable way to educate employees about the dangers of cybercrime and how they can help protect the organisation’s networks and data. By raising awareness and empowering employees to be part of the solution, you can help create a culture of cybersecurity within your organisation.
An internal network assessment can help shape IT strategy and investments in a few key ways. First, it can help identify which systems are most at risk for attack and need to be fortified with stronger security measures. Second, pen tests can help prioritise investment areas to ensure that the most critical systems are given the necessary resources, whether cloud environments, on-premises or general corporate networks. Third, it can help identify gaps in security that may need to be addressed with additional software or personnel. And finally, regular pentesting can help keep management aware of the latest insider threats and how best to counter them.
Internal Infrastructure Penetration Testing Methodology
In order to perform internal infrastructure penetration testing, it is important to understand the context of assets in the scope of the engagement. Our proven approach to security assessments is based on more than a decade of experience, industry practices and effective ways to exceed customer expectations.
Cyphere’s pentesting engagement lifecycle methodology is broken down into five phases as demonstrated in the adjacent diagram.
- Initial Scoping & Objectives Agreement
- Reporting – See this article about pentesting reports
- Remediation (Optional remediation consultancy to help mitigate risks identified during penetration testing)