Arabic | Arabic

Network White Box Testing

An internal network test simulates an attack of a malicious insider.
The test can be performed with no initial access except a network connection or with normal user-level privileges.
The test can also include a "stolen laptop" scenario to check what information an attacker can retrieve if he/she has obtained a company laptop.
The "physical access" check is even included in this test to detect if a user can gain Administrator privileges on his own or someone else's workstation by abusing physical access to it.
An internal network test starts with network mapping, identifying servers, workstations, laptops, routers, switches and other devices connected to the network.
The network mapping stage also includes determining the function of each server for example, domain controller, Oracle database server, application server, file server, etc.
After the network mapping stage, we proceed to check security problems. We check if most recent security patches are installed,
If the systems are securely configured, if the passwords can be cracked, etc.
As a result of an internal network test the customer gets a complete view of the internal network security.
The report includes the list of discovered problems and their impact.
For example: "The Windows servers are not regularly patched. At the moment 6 months worth of patches are missing.
It means that anybody connected to the corporate network can use a publicly available exploit for a vulnerability published two months ago to gain complete control over domain controllers, file and mail servers. "
The report also includes the recommendations for mitigating the problems.

Copyright resived Resecure me 2015 | Designed and developed by Starware