| I l@ve RuBoard | |
Most organizations concentrate on the external computer security threat and do not put as much emphasis on securing systems from internal threats. However, statistics show that a large amount of unauthorized activity comes from internal sources. For most organizations this means the internal network is where the company is most vulnerable. Internal users have already bypassed many physical controls designed to protect computer resources. Therefore, the company needs to take further steps to protect itself from the internal hacker threat. Internal penetration testing can help identify resources that are internally vulnerable and assist the system administrator in plugging these holes. While internal security protects the organization from unauthorized internal abuse, it also helps to make life difficult for a hacker who manages to penetrate the perimeter defenses. If the hacker finds a rogue modem and exploits it, he or she may be limited to having access only to a workstation with a modem on it. However, if internal security is lax, the hacker may be able to run freely throughout the network.
This chapter provides a framework for penetration testing from within the physical location of the company. This inside access can be obtained either by gaining physical access to the organization or by remotely exploiting a system from an external site. The general process that we use for internal testing is similar to that used for external testing. However, there are several variations in the methodology and many techniques that are specific to internal penetration testing. Once we are internal, we have bypassed most of the perimeter controls, such as firewalls and network-based intrusion detection systems (IDSs). We may then be able to access many services and resources that were not available to us from outside the firewall, such as NetBIOS, rservices, telnet, FTP, and others.
| I l@ve RuBoard | |