Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Quality Policy
    • Security Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Internal Network Penetration Test

Home  >  Our Services  >  Internal Network Penetration Test
NextPrevious

A penetration test of your internal infrastructure identifies vulnerabilities that may be exploited by a malicious insider or malware.

Malicious employees, opportunist-hackers, social engineers and malware all pose a significant threat to your organisation if they have been able to gain a foothold on your internal network infrastructure. If a malicious user has gained physical access to the internal network of an organisation, the impact can be devastating and will often be the precursor to a large-scale security breach.

A penetration test of your internal network infrastructure provides you with a full and complete understanding of the vulnerabilities that are present, which may be exploited by a malicious user or malware. Our experienced & accredited penetration testers are skilled in identifying the types of vulnerabilities that may be exploited by a malicious user who had managed to gain unauthenticated network-level access to your environment.

Methodology

Using a combination of automated and targeted manual testing, our consultants will inspect your internal network infrastructure to identify vulnerabilities that could be exploited by a malicious user.

Usually, the ultimate goal of an attacker is to obtain Domain Administrator rights on the corporate Windows Domain. During our assessment, we use the latest techniques and attack vectors that an attacker is likely to use in identifying vulnerabilities, before exploiting vulnerable services which could allow for a full Domain compromise.

We validate all identified vulnerabilities to reduce the likelihood of “false positives” and to investigate the level of access that could be achieved if the vulnerability were to be exploited by a malicious user.

Prerequisites

  1. A signed & completed Testing Consent Form
  2. Wired network connection
  3. List of IP addresses or hostnames to be assessed

Deliverables

Engaging with SecureTeam for your Internal Infrastructure Test will provide you with the following:

Inflight support

In-flight Support

Prior to your test commencing, our consultant(s) will discuss the scope of work with you, so that a full understanding is obtained of what your environment is used for. This not only allows the test to run more efficiently, but also allows the discovered vulnerabilities to be rated more accurately in terms of risk.

During the testing phase, our consultant(s) will engage directly with you – notifying you of any critical vulnerabilities that may be present within your application or any evidence in our results that may indicate a security breach may have already taken place.

Reporting

Reporting

Once the penetration test has been completed, you will be provided with the following:

Comprehensive Technical Report

Our clear & concise reporting format contains an Executive Summary that can be understood by all members of your organisation – including individuals who may be in management or non-technical roles. All vulnerabilities contain a sufficient level of technical detail, so that your development team and systems administrators can quickly pinpoint the root cause of the vulnerability and apply the recommended course of action.

If we have been able to compromise your Active Directory Domain, you will be provided with a full write-up of the compromise using a ‘storyboard’ approach. This allows you to clearly see the steps leading up to and during the attack and helps you understand how the corrective actions should be applied.

Technical References

Where applicable, we provide additional reference URLs for each vulnerability, so that further information on the vulnerabilities can be obtained from reputable sources of technical information.

Risk-Based Approach with CVSS Scoring

A risk-based approach is used throughout the report and all vulnerabilities are scored in line with CVSS (Common Vulnerability Scoring System). This allows the contents of the report to be fed into your own internal risk assessments and allows a plan to be developed to address the vulnerabilities which present the highest risk to your organisation.

Secure & Encrypted Report Delivery

Due to the sensitive content which may be contained in our test reports, all test reports are delivered to our customers through a secure file delivery mechanism. All test reports are encrypted using AES-256 encryption and are secured with a strong, randomly-generated password which is delivered ‘out-of-band’ to you via SMS. The encrypted file is then delivered to you through an encrypted & expiring URL link – allowing you to download the test report securely to your workstation.

Aftercare

After Care

Once our consultancy engagement is complete and our final report has been delivered to you, our consultancy team remain available to you indefinitely for any questions you may have surrounding the report’s findings or our consultancy engagement with you.

We pride ourselves in partnering with our customers to provide adhoc security advice and to ensure that our engagement with you doesn’t simply end once the final report has been delivered.

We are committed to ensuring, that as our customer, you receive the utmost value out of our consultancy services and look forward to developing a long-lasting business relationship with you.

Conference Call

Conference Call

Once you have received our final report, you have the option of attending a conference call between the consultant(s) involved in delivering your project and individuals within your organisation who you feel would benefit from a more in-depth discussion of the report’s findings.

A conference call is suitable for both management and technical staff and provides you with the perfect opportunity to ensure that all vulnerabilities and their recommended course of action are fully understood by stakeholders and technical staff who may be tasked with applying the recommended course of action.

Find out more

If you'd like to find out more about our services or would like us to provide you with a quotation, please fill out the following form and one of our team will get in touch with you.

Related Services

  • External Network Penetration Test

No tags.

NextPrevious
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Quality Policy
    • Security Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam