Internal Network Vulnerability Assessment
While statistics repeatedly show that security breaches are almost as frequently the work of a trusted insider as of an external attacker, many Senior Executives and IT departments continue to invest their security budget almost entirely in protecting their networks from external attacks. Businesses also need to secure their networks from malicious employees, contractors, and temporary personnel. These trusted insiders obviously have substantial access to the network as well as a company’s physical premises, so it is easy for them to appear hard at work while actually scanning the network for vulnerabilities or checking employee desks for passwords left exposed. An Internal Network Vulnerability Assessment is needed to reduce the risk of an internally generated attack as well as an external attack that penetrates beyond your firewalls.
What is an Internal Network Vulnerability Assessment?
The Internal Network Vulnerability Assessment centers around a testing process that probes your organization’s internal LAN components, including servers, routers, switches, and workstations. This testing is performed from two vantage points. The first is that of an unprivileged guest. The second is that of an authenticated internal user. During the assessment process, Networks Unlimited Security Auditors simulate techniques used by unauthorized and malicious internal users in an attempt to find network vulnerabilities that could be exploited. The Auditors also perform limited testing of advanced security systems (example: intrusion prevention systems) that may already be in place, and of the potential for their circumvention.
What is the purpose of this test?
The Internal Network Vulnerability Assessment determines how secure your network is from malicious (or even unintentional) theft or damage due to un-patched, weak, or misconfigured security settings on your internal infrastructure. The Assessment mimics the beginning phases of attacks from two potential attacker groups - unprivileged guests and trusted internal users.
The first group - unprivileged guests - has no privileges on your network other than connectivity via a standard LAN jack in your office. Possible members of this group would be cleaning crews, other workers, visitors such as customers and vendor personnel, or even hackers who have penetrated your firewall but have not yet gained any network privileges. Depending on your approach to handling contractors and consultants, they could be a member of the first or second group.
The second group - trusted internal users - has standard user privileges on your network. This group may consist of all users, although it is often beneficial to scan from the perspective of multiple security groups (sales, finance, executives, IT, etc.) to assess variations in privileges.
What methodologies do we use?
Your Assessment project is assigned to a team of highly experienced and certified Networks Unlimited Security Auditors. During the Vulnerability Assessment testing phase, the lead project Security Auditor works on-site at your office location. Interaction with your organization’s Information Technology and Information Security teams is minimal – they simply provide a live network jack and a standard user account for testing.
Using a variety of automated tools, both commercial and proprietary, the Security Auditor probes your internal network to identify the in-scope network devices, their operating systems, and the network services they are running. Our Vulnerability Assessment tools currently perform over 2,500 security checks and are continually updated as new attack patterns are identified. To get the best possible results, nothing is taken for granted. These tools are configured and run only by our certified Security Auditors who customize each probe based on experience, your organization’s infrastructure and needs, and the results of previous assessments.
The Security Auditor then probes the devices and services for known flaws and common misconfigurations, and compiles a list of the vulnerabilities that are found. The testing is designed to be non-invasive and non-disruptive.
The Security Auditor will detail application and technical security issues and include recommendations to resolve issues. An important task completed during this phase is the validation of vulnerabilities which generally results in the identification and documentation of a small set of false positive results. The deliverable is reviewed by multiple members of the project team. Every project team has at least one Security Auditor with a Certified Information Systems Security Professional (CISSP) certification and one Security Auditor with a Certified Information Systems Auditor (CISA) certification.
What is the final result?
Once the Internal Network Vulnerability Assessment testing, validation, and documentation phases are complete, you receive a complete presentation of the findings and a comprehensive report with an Executive Summary, a Technical Summary, and a Detailed Technical Report - in both hardcopy and electronic form. These reports detail what security risks were uncovered and their potential impact on your business, and include a remediation recommendation section which outlines a set of detailed, prioritized steps to mitigate or remove those risks.
The lead Networks Unlimited Security Auditor assigned to your team will review the Vulnerability Assessment report findings so the results are well understood by you and your designated personnel.
Internal Network Vulnerability Assessments frequently include
Using Networks Unlimited Vulnerability Assessment Services, your IT staff can concentrate on maintaining a secure network without investing in expensive security tools and training, or devoting hours to scanning, testing, checking for false positive results, reporting, or maintaining expensive information security experts on staff.