Internal Security Assessment

Conducting Internal Penetration Tests has rapidly become a critical part of the Security Manager's requirement. For good reason too, as anyone who has had to face questions from their board after an incident can testify.

The business drivers for internal network tests include:

  1. Ensuring access to sensitive data is restricted to authorised parties
  2. Validating the network's resilience to worm or virus propagation
  3. Securing third party links, and ensuring they have access to only the services they need
  4. Compliance (of course)
  5. etc

Internal network tests can be conducted to varying degrees of detail, and focus on different 'Attack Vectors'. An Attack Vector is simply a way in which we think an attacker might attempt a compromise. For example, using SQL querying tools to access a database in an unauthorised manner is an attack vector if your concern is ensuring confidentiality on your database.

Matta first endeavours to understand the business drivers and reasons for conducting the assessment. We can then advise an approach that best meets those objectives.

For example, if particular systems are highly sensitive, then conducting a server audit might be a good use of budget. In another example, a company might be concerned about ensuring contractors only have access to authorised services, and in this case, Matta can use a set of standard contractor credentials to determine what levels of access are actually possible.

We work to understand the unique aspects of each project, and ensure our deliverable fits the original requirement!