On-Site Security Assessment

Importance of internal network security

Internal network security is, more often than not, underestimated by administrators. Very often, such security does not even exist, allowing one user to easily access another user’s machine using well-known exploits, trust relationships and default settings. Most of these attacks require little or no skill, putting the integrity of a network at stake.

Most employees do not need and should not have access to each other’s machines, administrative functions, network devices and so on. However, because of the amount of flexibility needed for normal operation, internal networks cannot afford maximum security. On the other hand, with no security at all, internal users can be a major threat to many corporate internal networks.

A user within the company already has access to many internal resources and does not need to bypass firewalls or other security mechanisms which prevent non-trusted sources, such as Internet users, to access the internal network. In fact, 80% of network attacks originate from inside the firewall (ComputerWorld, January 2002).

Poor network security also means that, should an external hacker break into a computer on your network, he/she can then access the rest of the internal network more easily. This would enable a sophisticated attacker to read and possibly leak confidential emails and documents; trash computers, leading to loss of information; and more. Not to mention that they could then use your network and network resources to start attacking other sites, that when discovered will lead back to you and your company, not the hacker.

Most attacks, against known exploits, could be easily fixed and, therefore, stopped by administrators if they knew about the vulnerability in the first place. Our internal onsite security assessments assist administrators in the identification of these vulnerabilities and give your business the assurance it needs to conduct safely on the internet and with business partners.

Internal assessments use a similar methodology to an external assessment, however the engagement will occur from within the WAN at each logical management zone, physical segment or simply attached to the DMZ.

To attack to an internal network requires a significant depth of knowledge in many areas. These areas are not limited to Policy, Architecture, Implementation and Auditing across multiple business units, operating systems and devices. STEALTH – ISS® has all of these skill sets and extensive experience with very large networks.

Scan reports

After an internal assessment, STEALTH – ISS® provides a detailed report about all identified risks and threats, open ports and vulnerabilities including recommendation on how to fix these. The recommendations given will be independent of any supplier or vendor.

The detailed assessment report will include, but are not limited to:

  • High Security Alerts – This report includes:
  • All open ports
  • Missing service packs
  • High security alerts
  • Security Alerts – This report includes:
  • All open ports
  • All missing hot fixes
  • Medium security alerts
  • Missing Hot Fixes – This report includes:
  • Installed hot fixes
  • Missing service packs
  • Missing hot fixes/patches
  • Open Ports – This report includes:
  • All open ports (TCP and UDP)
  • SNMP Information – This report includes:
    • SNMP information
  • List of Computers – This report includes:
    • Detailed information for every computer (columnar)
  • Shares
    • Anonymous/unauthenticated access
  • Trusted domains
  • Users & groups
    • user accounts
    • backdoors
  • Services & processes
  • Password policy
  • Registry
  • Alerts node – This report includes:
    • Missing patches
    • CGI abuses
    • FTP alerts, DNS alerts, mail alerts, RPC alerts, and miscellaneous alerts
    • Service alerts
    • Registry alerts
    • Information alerts

For additional security assessments please visit our penetration test,vulnerability assessments,security compliance and internal network audit pages.