Guarding Against Internal Threats

Raxis engineers typically begin an internal penetration test by plugging a device into your internal network — either their own testing system if they’re working onsite, or the Raxis Transporter device (see remote testing below) if they’re working offsite. From there, we map out the systems behind your firewall and attempt to:

• Escalate privileges
• Access areas for which we don’t have permission
• Prove we can exfiltrate redacted data
• Uncover other vulnerabilities malicious hackers might exploit

In more than 85% of our internal tests, we gain full control of the company network in less than a week – without credentials or special access. This proves what can happen if a hacker (or an inside threat) socially engineers an employee, steals or cracks a password, or gains physical access to a network port.

Does my company need an internal network penetration test?

If you have sensitive information on your internal network or your network allows connectivity to sensitive systems, you should strongly consider an internal network penetration test. These tests can expose misconfigurations, outdated systems and software, and other common vulnerabilities that may be difficult for companies to keep up with.

How is an internal penetration test from Raxis different?

Raxis pentesting takes things several steps further.

Our engineers start with seemingly small issues and chain attacks that enable them to move step-by-step through your network. The Raxis storyboard shows in detail how our pentesters gain a foothold and pivot, escalating privileges and access along the way — the same process a disgruntled employee or even a vendor might use. Customers are often surprised how easily our pentesters gain domain admin rights, allowing Raxis (or an attacker) to view, create and edit files, users, and other content across the network.

We often work with companies that believe their internal networks are secure simply because they are housed inside buildings and behind firewalls. Raxis pentesting regularly proves how easily these networks can be breached by phishing, social engineering, wireless network attacks, and other methods.

Other customers are shocked to learn from our internal network tests that there are systems and services that have been set up without permission by vendors, developers, and network users. Such systems are often unpatched and configured insecurely, and in most cases don’t adhere to company policies.

Financial Services — Raxis initiated and approved funding transfers - Gaining access to a bank employee’s workstation, Raxis gathered other credentials that had previously been used to log in from that device. Our engineers then tested them on other systems we discovered. After gaining access to the domain, the team downloaded all the user password hashes and cracked most of them. Several of these worked on the employee banking system as well as the user workstations. As a result, a Raxis pentester used one set of discovered credentials to log in as a teller and initiate a transfer of funds and then logged in again as a manager to approve the transfer. (Don’t worry, the bank approved this proof of concept and watched the whole thing happen.)

Health Care – Raxis accessed systems using info from an unprotected file drive - While mapping out the internal network, the Raxis team discovered an interesting device in a lightly used subnet. Looking more closely, our testers found that it held an unsecured backup of the company’s main shared file drive. The team reviewed it carefully and realized that it not only contained information about critical internal systems and administrative interfaces, but it also included a spreadsheet with credentials for these critical systems as well.

Energy Production – Raxis accessed a nuclear reactor using default credentials - In one instance, Raxis even found a small nuclear reactor embedded behind a telnet service . . . and it used default credentials. Raxis backed away slowly from this one and alerted the customer immediately. Many systems have defaults that leave services such as telnet enabled, and such services often have default credentials enabled as well. With so many systems in place on most internal networks, these issues can be easy to miss.

Does Raxis have to be onsite to perform the test? What if I have several segmented locations to test?

Raxis now performs more internal network penetration tests remotely than onsite. Using the powerful, internally-developed plug-and-play Raxis Transporter device, you can allow Raxis testers to work remotely with the same level of quality as an onsite test. The Transporter is truly that simple. Your team plugs it into the network and the Raxis pentesters are ready to get to work.

Need separate, segmented networks tested? Your team can move the Transporter at appropriate times during the test, or Raxis is happy to send your team several devices. We’ve even worked with a large international corporation that flew their Transporter to several locations around the world for multiple tests. You explain your environment, and the Raxis team will tailor a solution to your needs.

Can I include PCI segmentation testing with an internal network penetration test?

Yes, and that is often the most convenient scoping for our customers. The Raxis pentester can often initiate segmentation testing scans and leave them running while working on a manual internal network penetration test. This combined scope can help Raxis do more in less time, saving your team money and helping you work within your organization’s budget.

Do I need an internal network penetration test if you’ve already done an external test?

Raxis strongly recommends doing both. An internal test focuses on what an attacker can access and if they can use that access to jump to other critical systems. Is your phone network segmented from your production network? Are there devices that aren’t secure or outdated systems on your network? Is all your software up to date, and have known vulnerabilities been patched? Any of these issues could allow an attacker to gain access and then pivot to more critical systems. While an external test can tell you if an attacker can get in, an internal network penetration test reveals what they can do once they get inside.