Internal network penetration testing focuses on identifying the risks posed by an attacker with internal access to a network to compromise that system. It uses a distinctly different approach from external penetration testing, which testers usually perform first. Unlike external penetration testing, internal testing assumes the attacker already has the access privileges of an insider.
You should have the following information available before engaging a vendor to perform internal network penetration testing.
Internal network penetration testing may test any of the following components of an organization's IT infrastructure:
Testers identify vulnerabilities in the above components and then exploit them to determine the attack's impact. Internal network penetration testing simulates various malicious activities, including stealing credentials, information leakage, and man in the middle (MITM) attacks.
Internal network penetration testing is still necessary, even when the network passes external penetration testing. The reason for performing both types of testing is that an insider has a greater potential for causing harm to a system than an outside attacker. This damage is usually assessed in terms of the alteration, destruction, disclosure, or misuse of an organization's sensitive information. An external attacker may obtain access to your internal network through email phishing or other methods.
Common methodologies for internal network penetration testing include the following:
Popular tools for internal network penetration testing include the following:
Custom scripts and manual tests are also standard in this type of penetration testing.