Download PDF

What is it?

Internal Security Testing is a penetration test conducted from within a network perimeter.  Our testing will evaluate how much of your private data is accessible through unauthorised access.  This gives you an in-depth understanding of the security management of your internal networks, intranet and attached systems and services.

Why do it?

To assess your security levels from inside the organisation and discover how vulnerable your systems are from unauthorised access.  Companies have a duty to protect employee information under the Data Protection Act, this is particularly relevant when systems such as payroll and employee information can be accessed.

What it means to my organisation?

Information in the DTI Security Breaches Survey of 2006 revealed that 32% of the worst security incidents suffered by UK companies came from an internal source. It is obviously not enough to secure your defences against the outside world, there is also a need to be aware of internal weaknesses.

1. The containment measures you have in place to deal with automated attacks such as virus, worm & trojan activity.
2. Privilege escalation via any recognised popular business application log-on.
3. Access levels achieved by physically plugging in to any available live RJ45 socket.
4. Identifying the level of accessibility available to a temporary/interim staff member with fundamental logon and permissions.

Internal Penetration Testing can be combined with Physical Security Testing to understand how much information could be obtained, or damage done by an illicit user attempting to breach internal systems.