Internal Network Penetration Testing
Internal network penetration testing aims to identify the security risks posed by systems available on internal corporate networks. This could be from the perspective of a rogue employee or a cleaner or an attacker who has managed to gain physical access to the building. A 2010 CyberSecurity Watch survey found that 26% of all respondants had experienced breaches relating to insiders in the last year.
Internal penetration testing identifies security holes which could be exploited by internal users or intruders to gain unauthorised access to data on your critical internal servers. A program of regular internal penetration testing can help defend against such attacks. Reaction can help to identify the following security weaknesses in internal networks:
- Default or weak accounts/passwords
- Insecure database services
- Buffer and Integer Overflows
- Format String Attacks
- Weaknesses in remote administration services
- Password reuse
- Unencrypted File transfer and communications services
- Active directory security weaknesses
- Network infrastructure security (routers/firewalls/switches/load balancers)
- Insecure backup services
- Vulnerable Unix services
- Potential for DoS attacks
- Privilege escalation attacks
- Mis-configured file sharing services
Please get in touch for more details.
