Internal infrastructure penetration testing

Why conduct internal infrastructure penetration testing?

Internal infrastructure penetration testing is essential for identifying and addressing vulnerabilities within your network before attackers can exploit them. It uncovers weaknesses that are not visible through external assessments, including misconfigured systems and outdated software. Simulating real-world attack scenarios reveals how attackers might move laterally, escalate privileges, and access sensitive data.

This proactive approach enhances incident response and strengthens security. Regular testing also helps ensure compliance with industry standards and reduces the risk of costly breaches and reputational damage. Ultimately, it provides a clear understanding of your network’s security, enabling effective implementation of controls and safeguards.

Scoping and planning

Define objectives

We collaborate with your team to establish the specific goals of the internal infrastructure penetration testing. Whether you need to evaluate network segmentation, identify potential insider threats, or ensure compliance with internal security policies, we tailor our approach to address your key concerns and objectives.

Requirements

We prepare for the assessment by gathering information about your network infrastructure. This includes IP ranges, NUC device setup, and any specific configurations or devices that need to be tested. We ensure we have the necessary access to perform a thorough evaluation, including setting up any required testing environments.

Tailored testing

Our assessment approach is customised to fit the unique aspects of your internal network. We maintain ongoing communication to adapt our testing strategies based on real-time insights and findings, ensuring that our recommendations are relevant and practical for your network environment.

Methodology

Network scanning

We perform comprehensive network scanning to identify active devices, open ports, and potential vulnerabilities within your internal network. This process helps us map your network infrastructure and pinpoint areas susceptible to attacks or misconfigurations.

Vulnerability assessment

Our team conducts a detailed vulnerability assessment to uncover security weaknesses in your network components, such as servers, routers, and switches. We utilise advanced tools and techniques to identify vulnerabilities and assess their potential impact on your network’s security.

Penetration testing

We simulate real-world attack scenarios to test the robustness of your network defences. By exploiting identified vulnerabilities and testing network defences, we provide a practical evaluation of how well your network can withstand potential threats.

SmartView takes care of your reporting

Cognisys’ SmartView Portal provides a centralised platform for clients to manage their projects and vulnerabilities efficiently. Through the portal, clients can track the status of each identified issue, assign tasks to team members, and monitor the progress of remediation efforts.

A detailed report is prepared once the internal infrastructure penetration testing is complete, prioritising findings and providing strategic, actionable recommendations to strengthen the external security posture through our SmartView portal.

LEARN MORE
Cognisys SmartView portal

Why choose Cognisys for internal infrastructure penetration testing?

Enhance your network security with our internal network assessment services. Our certified and highly skilled team has a proven track record of delivering exceptional results, ensuring a thorough evaluation of your network infrastructure. We offer actionable insights through comprehensive analysis and detailed reporting, providing practical recommendations to strengthen defences.

Our approach helps you proactively address emerging threats and improve your network’s resilience. We tailor our assessments to align with your specific security objectives, offering strategic guidance to maintain a robust and secure network.

FAQs

The duration of a penetration test depends on the scope and complexity of the network being tested. For example, a comprehensive test of a small network might take a few days, while a full assessment of a large enterprise’s network could take several weeks.

Preparation is crucial to ensure a smooth and practical penetration test. Here are the steps you should take:

  • Scope: Ensure proper scope details are shared before the test starts, such as the IP subnets in scope, out-of-scope devices/network devices, and critical hosts.
  • Data Backup: Ensure that all critical data is backed up. This is a precautionary measure to prevent data loss during testing.
  • Notify SOC/Monitoring Team: Inform your Security Operations Centre (SOC) or monitoring team about the scheduled Internal Network Assessment. This helps distinguish between legitimate pen test activities and potential real threats.
  • Notify Stakeholders: Inform all relevant stakeholders, including IT staff and management, about the upcoming pen test. This helps manage expectations and ensure everyone knows the testing activities.

An authorisation form is a document that grants permission to conduct penetration testing on your systems. It is essential for several reasons:

  • Computer Misuse Act Compliance: In the UK, unauthorised testing can violate the Computer Misuse Act. The authorisation form ensures that the penetration test is legally sanctioned.
  • Scope definition: The form clearly outlines the scope of the test, including the IP addresses and systems to be tested. This ensures that only authorised scans are conducted and helps identify unauthorised activities.
  • Stakeholder awareness: By listing the scan IP addresses at the bottom of the form, you ensure that all stakeholders are aware of the testing activities and can differentiate between legitimate tests and potential attacks.

We strive to conduct testing to minimise disruption to your business operations. For example, if you run a 24/7 online retail store, we can schedule tests during off-peak hours to minimise impact. We will work with you to find the best time for testing.

If a critical vulnerability, such as access to Domain Admin, is discovered, we will promptly notify you and provide mitigation recommendations. This will enable you to address the issue promptly and minimise potential risks.

A follow-up meeting can be scheduled to discuss strategies for mitigating the identified vulnerabilities. After the client confirms that they have addressed the vulnerabilities, we will conduct retesting. If some vulnerabilities remain unresolved, we will mark them as “Open”. In that case, another round of retesting will be necessary to close those findings from the report.

We will generate a comprehensive report on the SmartView portal, containing an executive summary, technical findings, severity ratings, and recommendations for remediation. The SmartView portal enables testers to submit vulnerabilities and allows clients to view them as soon as they are updated. This real-time reporting facilitates prompt action and efficient security issue management. For more details, please visit the SmartView section on our website.

We will be shipping a “NUC” mini-computer equipped with the Kali penetration testing operating system to the specified address. Once connected to the internal network, it will seamlessly connect to our secure VPN, enabling our consultants to conduct remote internal penetration testing.

During the setup process, we will verify the network configuration requirements, including the need for a Static IP or DHCP. It is essential that the network can access the specified subnets. Additionally, you may need to create a firewall rule to allow the NUC to communicate with our VPN address over port 443 to our domain (to be provided later). For cloud penetration testing, simply deploy a Kali image and we will provide the VPN configuration and once we’re connected, we can take it from there.

  • Please ensure that the NUC stays connected to the internal network until the final report is released. Once the NUC is returned, we will securely wipe all data from the device to ensure that no client-sensitive information remains on it.
  • If the scanning traffic from the NUC significantly affects the network performance (which is a rare scenario), please disconnect it from the network immediately and promptly inform the testing team.

  • Inform the SOC Team: Notify the SOC team about the upcoming penetration test. Provide them with the test’s start and end dates and times. Provide details about the scope of the test, including the IP ranges, subnets, and types of activities expected.
  • Designate Points of Contact: Identify and share contact information for the penetration testers and SOC team members who will be responsible during the test.
  • Define Rules of Engagement: Clearly define what is in and out of scope for the penetration test. Specify the types of testing that will be conducted, such as scanning, exploitation, and post-exploitation activities. Establish a procedure for pausing or stopping the test if unexpected issues arise
  • Incident Reporting: Define how and when to report any real incidents that are discovered during the penetration test. Outline how the SOC team should notify the penetration testers if they detect test activities as potential threats. Ensure the SOC team understands the normal baseline of network activity to identify deviations caused by the test.
  • Whitelist NUC IP address: – For internal network assessments, whitelist the NUC IP address if possible. Enable internet access on the NUC device.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

info@cognisys.co.uk
Leeds office

5 Park Place
Leeds
LS1 2RU

info@cognisys.co.uk
London office

131 Finsbury Pavement
London
EC2A 1NT

CONTACT OUR TEAM