Local Network Penetration Test

Local Network Penetration Test2020-04-02T13:04:06+03:00

Local network penetration testing is a series of complex intrusion techniques designed to detect what a potential attacker can access and prevent these vulnerabilities with devices connected to the organization’s internal network. The local network penetration test identifies weaknesses in network and system architecture, identifies critical potential vulnerabilities in devices and systems, entry points to systems, how much the attacker can move on the local network, how to increase the domain, and how to avoid these vulnerabilities identified during the reporting phase.

Local network penetration test;

  • Provides information about security vulnerabilities,
  • Lets you know what information an attacker who has access to the corporate network can access,
  • Provides information about the patches to be installed,
  • Makes the protocols used more secure.
Yerel Ağ Sızma Testleri

1) SCOPE DETERMINATION

Before the test, an interview is made to determine the internal network requirements and test scope of the institution.

2) DISCOVERY

Vulnerabilities in the firewall are identified and network partitioning is performed.

3) EVALUATION

Tests are carried out to determine security weaknesses in accordance with the information obtained during the discovery phase.

4) REPORTING

Using the information obtained as a result of the test, a detailed and complete report is prepared by presenting data such as the security weaknesses of the institution, how it can be eliminated, and the way these weaknesses affect the institution.

5) RE-TEST

After the reporting stage, security tests are applied to the institution again to determine whether the identified problems are solved. 

Local Network Penetration Test Methodology

  • Internal network scan
  • Port scan
  • System fingerprint
  • Service review
  • Vulnerability scanning
  • Manual vulnerability scanning and testing
  • Manual configuration test and verification
  • Firewall and network checklist testing
  • Administrator privileges promotion test
  • Password protection test
  • Network equipment security check test
  • Database security check test

Frequently Asked Questions About Local Network Penetration Test

Why Should I Have Local Network Penetration Test?2020-04-02T13:02:34+03:00

Controlling security gaps in your systems by cyber security companies, reporting their strengths and weaknesses and presenting them to your information is of great importance for your system security.

Because despite all your attention and efforts on security, you and your employees have no clue to the methods and tools that attackers can use to exploit the system. Depending on the level of knowledge and experience of the attacker, probabilities and risks change dimension.

For this reason, it is a more realistic and productive step to ensure security and increase the security of your “White Hat” teams that can think and act like a hacker and take precautions against these methods by knowing the attack methods.In addition, standards such as PCI, HIPAA, GDPR require Pentest (penetration testing).

How Should the Local Network Penetration Testing Project be Planned?2020-04-02T13:02:47+03:00

In order for the penetration test to achieve its purpose and provide efficiency, the steps to be applied under the headings “pre-test”, “during test” and “post-test” should be determined in a plan.

Here are a few questions that can help you shape your Penetration Testing Project Plan:

  • What is the scope of the penetration test? (Black Box, White Box, Gray Box)
  • Should my risky systems be included in the penetration test?
  • How often should I perform the penetration test?
  • From which company should I get the penetration test service?
How Should I Proceed After Local Network Penetration Test?2020-04-02T13:02:57+03:00

It is much more important to evaluate the results of the penetration test and to take the relevant actions. We must regret that the common misconception; examining the report by simply having an penetration test and resolving only very urgent weaknesses and postponing others. As a result of not resolving these vulnerabilities, it is often the case that the same vulnerabilities are re-detected in the next penetration test.

In order to achieve the purpose of the test, we share some important items with you that are recommended to be applied:

  • The penetration test report should be shared with the senior management to provide the necessary management support.
  • It is recommended that penetration test results be presented as a risk map to management.
  • The test report should be examined in detail and the workload for resolving those vulnerabilities should be appropriately distributed to the relevant personnel.
  • It is recommended that the penetration test report be shared with the software team and system administrators in a meeting. This is because the vulnerabilities found may be due to a frequently used algorithm or system management tool. In the future, it is aimed to gain the necessary point of view to the software team and system administrators in order to prevent weakness in these issues.
  • Detailed monitoring of the process of resolving the vulnerabilities mentioned in the report should be performed.
  • The date of the next penetration test should be determined.
Go to Top