Join the Webinar | Strong Protection Against Cyber Threats

Local Network Penetration Test

Local network penetration testing is a series of complex attack techniques designed to detect what a potential attacker can access through devices connected to the organization's internal network and prevent these vulnerabilities. In the local network penetration test, weak points in the network and system architecture are identified, critical potential vulnerabilities in devices and systems, entry points to the systems, how laterally the attacker can move in the local network, how he can increase his domain are determined, and how these vulnerabilities detected in the reporting phase can be prevented are determined.


Local network penetration testing;

  • Obtain information about security vulnerabilities,
  • Learn what information an attacker who has access to the corporate network can access,
  • Be informed about the patches that need to be installed and
  • It ensures that the protocols used are made more secure.


Penetration Testing Stages


1) Scoping

Before the test, an interview is held to determine the organization's internal network requirements and test scope.

2) Discovery

Angles in the firewall are determined and network segmentation is made.

3) Evaluation

Tests are carried out to detect security vulnerabilities in line with the information obtained during the discovery phase.

4) Reporting

Using the information obtained as a result of the test, a detailed and complete report is prepared by presenting data such as what the security vulnerabilities of the institution are, how they can be eliminated, and the impact of these vulnerabilities on the institution.

5) Retest 

Security tests are applied to the institution again after the reporting phase to determine whether the detected problems have been resolved or not.

Local Network Penetration Testing Methodology

  • Internal network scanning
  • Port scan
  • System fingerprint
  • service review
  • Vulnerability scanning
  • Manual vulnerability scanning and testing
  • Manual configuration testing and verification
  • Firewall and network checklist testing
  • Administrator privileges escalation test
  • Password protection test
  • Network equipment security check testing
  • Database security control testing

Frequently Asked Questions About Local Network Penetration Testing

Why Should I Have a Local Network Penetration Test?

It is of great importance for your system security that the security vulnerabilities in your systems are checked by cyber security companies, their strengths and weaknesses are reported and presented to your information. Because, despite all the attention and efforts of you and your employees on security, the methods and tools that attackers can use to exploit the system are endless. Possibilities and risks change dimensions according to the level of knowledge and experience of the attacker. For this reason, it would be a more realistic and efficient step to ensure and increase the security of your systems by having them tested by "White Hat" hacker teams, who can think and act like a hacker and know the attack methods and can take precautions against these methods. In addition, standards such as PCI, HIPAA, Pentest (penetration test) to be made.

How Should the Local Network Penetration Testing Project Be Planned?

In order for the penetration test to achieve its purpose and ensure efficiency, the steps to be applied under the headings of pre-test, during and after the test should be determined within a plan. We offer you a few questions that can help you shape your “Pentest Plan”: • What is the scope of the penetration test to be performed? (Black Box, White Box, Gray Box) • Should my risky systems be included in the penetration test? • How often should I have a penetration test? • Who should I have the penetration test done?

What Procedure Should I Follow After Local Network Penetration Testing?

Evaluating the results of the penetration test and taking the relevant actions are much more important than the test itself. We regret to express that a common mistake; it is only to examine the relevant report by having a penetration test and to close only the most urgent gaps and postpone the others. As a result of not closing these gaps, it is a common situation that the same angles are detected again in the next penetration test study. We share with you a few items that are recommended to be implemented in order for the test to achieve its purpose: • The penetration test report should be shared with the senior management in order to provide the necessary management support. • It is recommended that the results of the penetration test be prepared as a risk map and submitted to the management. • The test report should be examined in detail and the workload for closing the gaps should be distributed among the relevant people and teams. • It is recommended that the relevant report be shared with the software team and system administrators by organizing a meeting. Because the vulnerabilities found may be caused by a frequently used algorithm or system management tool. It should be aimed to bring the necessary perspective to the software team and system administrators in order not to become open again on these issues in the future. • The process of closing the gaps specified in the report should be followed up in detail. • The date of the next penetration test should be determined.