An Internal Security Assessment follows a similar methodology to external testing. However, it provides a more complete view of the target site security.
Testing is typically performed from:
- A number of network access points, representing each logical and physical segment. For example, this may include tiers and DMZ’s within the environment, the corporate network or partner company connections.
- A number of different scenarios, for example a disgruntled employee or unmonitored 3rd party access; these will be dependent on the potential access that various individuals may have to target network(s).