Internal Security Testing

Security testing from a hacker's view is very important for understanding the security challenges. External PT/security is important, but internal security testing is also important: it checks what the maximum impact on the systems can be if the network gets compromised. Let's go straight to the internal security testing checklist:

- Gather information and do a footprinting exercise
- Do network assessments
- Scan for ports and services
- Find out which dangerous services are running
- Perform a credentialed VA to find critical challenges
- Scan for malware and trojans using specific plugin IDs
- Identify password-related challenges in the VA
- Specifically search the scan results for root credentials, admin credentials, blank passwords, passwords that never expire, and default passwords
- Find out where audit trails are not enabled
- Specifically target DB servers for password violations
- Try password cracking using dictionary or hybrid attacks and, if allowed, go for brute-force attacks
- Do firewall analysis to check which ports are allowed
- Check