What Is Internal Penetration Testing?

Internal penetration testing simulates an attack on your organization that originates from within it. This type of penetration testing assumes that a malicious party somehow has access to your network. It could be a disgruntled employee or a skilled hacker using a variety of techniques to break in.

Why Internal Penetration Testing Is Important

Internal penetration testing reveals the vulnerabilities of your internal systems and what damage an in-house attack can cause. It enables you to protect yourself against insider threats proactively.

Many organizations tend to focus on threats from outside sources; however, an internal attack can be just as likely, if not more. In fact, sixty percent of organizations have faced an insider threat in the past year.

How Does Internal Penetration Testing Work?

Penetration testing, no matter the type, typically follows a standard procedure (reconnaissance → attack → report). However, the tactics within those steps vary from test to test.

Reconnaissance

A tester’s first move in the process is to perform reconnaissance. (S)he works to map out as much of your organization’s network as possible using a variety of techniques from within the system.

Passively, the tester implements network sniffers, like Wireshark, to monitor and collect network traffic. (S)he then analyzes that information to discover hosts, protocols, ports, services, and other attack vectors.

A more active technique, the tester also sends traffic to your organization’s network with specialized scanners. The purpose of this activity is to find network properties such as users, domains, versions, operating systems, and other relevant information.

Once the tester successfully maps out your network, (s)he scans it for vulnerabilities. Fortunately (or unfortunately, depending on how you look at it), tools like Nessus and OpenVas automatically probe the network for those weaknesses.

Attack

After validating the vulnerabilities (s)he discovered in the reconnaissance stage, the tester simulates attacks to see the extent of damage that they would cause. Kali Linux, Core Impact, Canvas, Metasploit – these tools represent just a few of the devices a tester uses to exploit internal vulnerabilities.

During the internal penetration testing attack, the tester looks specifically for the following issues: