Internal Tests
Internal tests will provide an organisation with a review of their security conducted through the
eye of an Internal User, a temporary worker, or an individual that has physical access to the
organisation's buildings. These types of assessments will focus on, (but are not limited to)
- Wireless infrastructure
- Wired LAN Infrastructure
- Network Switches
- Network Routers
- Firewalls
- IDS/IPS
- Proxy Servers
- Windows Server machines
- Unix Server machines
- Novell Server machines
- IP telephony
- File/Print Services
- Application Services
- Shared Storage Resources
- Native Internet Connectivity
- Ability to gain remote access to the Infrastructure through the Internet/PSTN
- Ability to steal data
Internal Tests are conducted from within an organisation, over their Local Area Network. Tests will
observe whether it is possible to gain access to privileged company information, including sensitive
Application Databases, HR information and ERP type resources. Internal tests will assess whether a
user can escalate their network privileges and gain copies of usernames and passwords for other
business users. Internal tests will also assess whether it is possible to remove data from the
corporate environment without triggering alarms, or leaving an audit trail of what was taken, and
where it was moved to. Internal tests will assess whether a user can circumvent existing security
controls to grant themselves inbound access to the infrastructure through remote access and trojaning
techniques.
Internal tests deliver consistently strong documentation that will review all of your Internally
connected devices. Nettitude ensures that there is a high level management review document as well
as an in-depth technical review document that is produced for all Internal Security Assessments.
These documents will highlight security issues and mis-configurations, but most importantly, provide
you with recommendations on how you can improve your internal security posture moving forwards.