LAN tests

Internal network (LAN) security testing is carried out from outside of the organisation.

What are internal network penetration tests and why are they crucial to a company's security?

  • Internal network penetration tests are controlled simulations of attacks on an organisation’s IT infrastructure to identify vulnerabilities before they are exploited by cybercriminals. They are fundamental to protecting data, ensuring operational continuity and maintaining customer trust. Through regular testing, it is possible to detect vulnerabilities that could lead to information leakage, system disruptions or uncontrolled access to resources.

How does the internal network penetration testing process work according to the latest standards?

  • Internal network penetration tests are often mandatory according to many security standards and regulations, such as PCI DSS, ISO 27001 or DORA. Performing these tests enables the detection and remediation of potential security vulnerabilities, which is key to meeting both industry standards and regulatory requirements.
  • In addition, we provide detailed reports and documentation that can be used during audits or inspections, confirming the company’s commitment to data protection and information security.

What do the internal network tests cover?

The tests focus on a comprehensive assessment of the following areas:

  • Network infrastructure: configuration of firewalls, routers, switches and open port detection
  • All kinds of advanced attacks on Active Directory services
  • Systems security: verification of updates, patches and vulnerabilities in operating systems (Windows, Linux) and applications
  • Active Directory: analysis of password policies, user rights and detection of errors in the domain structure
  • Network services: testing of DNS, DHCP security, SMB/NFS protocols and communication encryption
  • Network segmentation: assessing the effectiveness of isolating critical resources (e.g. financial servers) from other departments
  • Access control: checking multi-factor authentication (MFA) mechanisms and least privilege rules
  • Detection systems: testing the response of IDS/IPS solutions and monitoring tools (e.g. SIEM)
  • Emergency procedures: verification of the operation of backups

What are the most dangerous vulnerabilities detected during testing?

Common threats include outdated software with unapplied patches, default or weak passwords, unsecured file shares and redundant user permissions. Other risks include outdated legacy systems, lack of encryption of sensitive data (e.g. databases) and misconfigured firewall rules that allow lateral movement.

 
Can pentesting disrupt systems?

We carry out tests with the utmost caution – we avoid invasive techniques (e.g. DDoS) and carry out work outside of working hours. Every action is consulted with the IT team and preceded by a data backup. As a result, the risk of downtime is reduced to a minimum and your business operations remain unaffected.

 

How is our data protected during testing?

We guarantee full confidentiality by:

  • Signing an NDA prior to the start of the collaboration
  • Encrypting data during both testing and storage
  • Immediately deleting information after project completion
  • Restricting access to reports to authorised persons only

 

Will the tests help meet legal requirements?

Yes. Penetration testing is required by, among others, PCI DSS (req. 11.3) and DORA. It is also required, though not directly, by GDPR.
We provide documentation according to OSCP or CREST standards, accepted by auditors. Example: a risk assessment report according to the CVSS 3.0 scale, which you can present to a supervisory body.

 

You will receive detailed documentation including:

  • A list of gaps grouped by criticality (critical/high/medium/low)
  • Step-by-step instructions for eliminating each vulnerability (e.g. GPO configuration in AD)
  • Attack scenarios with visualisation of exploitation paths
  • Recommendations in line with frameworks (NIST, CIS Benchmarks, MITRE)

  1. Blackbox
  2. Greybox
  3. Whitebox

The process of network penetration testing:

  1. Planning and preparation in consultation with the client (obtaining consents and identifying the presence of critical infrastructure):

    • Reconnaissance
    • Passive and active information gathering
    • Network vulnerability scans (can also be performed as a separate service)
    • Identification of available services and technologies
  2. Analysis of network and system configurations and verification of services for known security vulnerabilities
  3. Manual verification of each vulnerability detected
  4. Analysis and reporting (the report, including an Executive Summary, can be provided in Polish, English or German)

As additional services we can offer:

  • Support in closing security gaps
  • Retest after the customer has closed the gaps
  • Report verification by a second auditor

Standards:

  • PTES (Penetration Testing Execution Standard)
  • NIST SP 800-115

Example scope:

  • Equipment vulnerability audit
  • On-site or remote wireless WLAN audit
  • LAN audit – segmentation and active devices
  • Vulnerability audit of servers
  • Network vulnerability audit
  • Vulnerability audit of cloud servers
  • Vulnerability audit of access to cloud services
  • Tests of attacks on Active Directory
  • Network traffic poisoning tests
  • Tests of default and simple account configurations
  • Attacks on non-standard services running inside the network
  • Attacks on internal services

* Basic scope, recommended. The detailed scope is agreed individually, according to the needs and characteristics of the organisation.