What is penetration testing?
Penetration testing (or pen testing) is a simulated attack on a business asset to analyze the current level of security of that asset. This can include testing against networks, individual devices, applications, and more! Pen testing is typically performed by a professional ethical hacker, whose attacks use the same techniques a malicious attacker would. This helps pinpoint vulnerabilities, configurations, and artifacts that a malicious person may find interesting, and discloses them to the business before a malicious party can exploit them. This gives a business the upper hand over its adversaries, providing the resources and data it needs to better secure its systems.
What is an internal penetration test?
An internal penetration test is a pen test focused on a business’s internal network. The internal network includes any technology assets that are not facing the “outside” or the internet. This can include servers, desktop machines, printers, phone systems, and more. This kind of testing is performed from the inside, and typically involves the testers being directly connected to the internal network they are assessing.
What kind of information will we get from an internal penetration test?
An internal pen test can provide a wide array of information unique to this kind of testing. On the internal network, the primary concerns are malicious insiders, malware, and misconfigurations. An internal pen test can zero in on the factors that allow these threats to lead to exploitation, and report them to the business. During an internal penetration test, the tester will document available devices, open ports and the services running on those ports, which patches and configurations may be missing or incorrect, the network structure and how secure it is, and the current state of security on the network overall. This information can then be used to build remediation plans, patching schedules, and asset management efforts.
We’re already secure on the outside, so why do we need an internal pen test?
While the external network may be secure, there are often still risks on the inside. As mentioned before, the main adversaries for internal network security are malicious insiders and malware. In many cases, vulnerabilities on internal devices can lead to network-wide exploitation and damage. Attacks like ransomware often rely on internal vulnerabilities to propagate, and are able to access the network through social engineering and misconfigurations. Improper internal network management can also expose data to users who may not need to have access to it, and who may use it in ways that harm a business. While a secure external network is excellent, the outer shell isn’t the only thing needed to ensure business integrity.
What should we do to prepare for an internal penetration test?
Before getting an internal penetration test, the best thing a business can do is begin practicing good security hygiene. Self-assessing the network may not always be an option for a business. However, ensuring that all known patches are applied, devices are currently supported and well managed, and users are aware of the software and services they use is an excellent place to start. The more information a business has about its network to start, the more valuable the information from an internal penetration test will be.
How can we use the results of an internal penetration test?
While securing the network is a given, an internal pen test can often bring to light a lot of useful information. Primarily, patches! Internal testing gives the tester a close look at internal services, and can help identify which services are in need of patches and which patches those may be. Remediation and network restructuring tend to be the primary uses of testing results. Attestation regarding your security posture is another critical benefit that an internal penetration test can offer. Documentation of testing and attacks, for both internal and external use, can help prioritize next steps and demonstrate to clients a genuine effort to provide a valuable, secure service.
To talk over a customized internal penetration testing approach specific to your organization’s needs, contact Pivot Point Security.