An Internal Security Assessment is conducted on client premises, targeting systems specified in advance by the Client. This assessment can be performed in two ways:
- Vulnerability Assessment - Assessing the network to highlight key vulnerabilities and weak systems that can be abused by an attacker
- Goal-based testing - This assessment attempts to simulate a real-world attack scenario, with the Client able to have a specific scenario carried out. The Client specifies a key system (or systems) and the Consultants attempt to compromise the specified host, as well as any machine attached to the network, using a multitude of attack types.
Along with assessing the actual technical risk, our consultants use analysis techniques to help your organisation mitigate the issues as quickly as possible. This will help reduce the risk posed to your company and users, reducing the likelihood of reputational damage.
After reporting the issues discovered during the assessment, our consultants are also available for further follow-up calls to clarify certain issues or help your organisation understand the risks posed.
Our service can be fully tailored to the needs of your business, with reporting delivered in your preferred format where possible.
The following high-level areas are included within the assessment:
- Host Discovery & Port Scanning
- Vulnerability Assessment
- Manual Identification and Fingerprinting of services
- Privilege escalation
- Attempts to access the "crown jewels" of the network
- Password Evaluation
- VLAN hopping
- Analysis of VoIP services
- Cryptographic Storage Analysis
- Exfiltration of data
Discovery and enumeration
The hosts are scanned, with exposed services being assessed using a combination of manual and automated techniques. This includes a vulnerability assessment of all exposed hosts and their services.
Analysis and Exploitation
The assessment commences with analysis of the findings; where safe and permitted, attempts are made to exploit any vulnerabilities discovered. If access is gained to the internal network, attempts will be made to access key systems on the internal network.
The assessment is documented in a simple, easily digestible format.