- Cyber Security Services
- SCADA/ICS Security Consulting
Internal Penetration Testing
Whereas External Penetration Tests are used to test the Internet perimeter from threats that could originate from a public source or sources anywhere in the world, Internal Penetration Tests are much more targeted. Internal Penetration Tests involve attacking the security of a computer system, or network of computing devices, from the inside of the network using the same tools and techniques that a real attacker would use. The purpose of an Internal Penetration Test is to determine what systems a malicious insider would be able to access from within the internal structure of the network. Would they be contained to only the generic corporate user access areas, or can they subvert the internal security controls and access sensitive data sources such as HR, Accounting, Executive files, and even SCADA, Automation, and Industrial Control Systems.
In the context of securing Critical Infrastructure, these tests are typically performed with the goal to test the security of the next perimeter down in the architecture, which is the connectivity between the corporate IT networks and the real-time SCADA and Industrial Control System networks. This normally involves deploying a small team of penetration testers on the internal network disguised as typical corporate users. They are not given any corporate network credentials or user accounts, and they are tasked to see what systems they can access within a finite time window, generally limited to less than 2 weeks.
At the start of the engagement, our Internal Penetration Testing teams generally stick with mostly passive assessment tools like TCPDUMP, WIRESHARK, and NETWORK MINER located on the right of the diagram below. As the test continues toward the end of the engagement, they will open up all of the tools, go on the active side, and begin to actively penetrate the defenses detected earlier in the process. Metasploit, NeXpose, Nessus, and other vulnerability detection and exploit development tools are used as needed to exploit internal network defenses. Tools increase with their level of aggressiveness as you move from right to left in the diagram below.