Internal Penetration Testing
IT Security Compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) require an organization to conduct independent testing of the Information Security Program, to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI). The internal network (file servers, workstations, etc.) of the organization is exposed to threats such as external intruders breaching perimeter defenses or malicious insiders attempting to access or damage sensitive information or IT resources. In a 12-month period alone, over 100 million personal records have been compromised due to security breaches. Almost 1/3 of these breaches were the result of hackers.
Best Practices recommend that each organization perform an Internal Penetration Test in addition to regular Security Assessments in order to ensure the security of its internal network. An Internal Penetration Test differs from a vulnerability assessment in that it exploits the vulnerabilities to determine what information is actually exposed. An Internal Penetration Test mimics the actions of an actual attacker exploiting weaknesses in network security without the usual dangers. This test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability, or integrity of the network, thereby allowing the organization to address each weakness. Robrige Network Security can perform this testing either onsite or remotely.
Robrige Network Security's Internal Penetration Test follows a documented Best Practices security testing methodology, including:
|Internal Network Scanning|
|Manual Vulnerability Testing and Verification|
|Limited Application Layer Testing|
|Firewall and ACL Testing|
|Administrator Privileges Strength Testing|
|Password Aging and Strength Testing|
|Network Equipment Security Controls Testing|
|Internal Network Scan for Known Trojan/Hacker Ports|
|Third-Party/Vendor Security Configuration Testing|
|Hardened Server/Device Configuration Testing|
Networks, particularly those of businesses and organizations, are regularly exposed and vulnerable to threats, and those threats are ever-changing. When data is stolen, corrupted, or exploited by a hacker or online criminal, a company's or organization's security and reliability are compromised, and customers are potentially opened up to identity theft.
Internal penetration testing, with vulnerabilities exposed and exploited through ethical hacking techniques, is essential to maintaining industry compliance, particularly for finance and healthcare. Robrige conducts comprehensive internal penetration tests, from research and analysis, through ethical hacking, to a full vulnerability report. To continue meeting industry standards, have us conduct your next internal penetration test.