1.

Why Should Not Only The Network Perimeter Be Tested, But Also The Internal Network?

Answer:

Even if your company's network is sufficiently hardened at the perimeter systems and a perimeter test could not compromise it, it still makes sense to conduct an internal test as well. Just because the perimeter systems are sufficiently secured does not mean that the same precautions are taken on the internal network. Most of the time, too little is done to secure the internal network, because it is supposedly accessible only to trustworthy persons. Especially in larger corporations, though, not every employee needs the same access permissions.

The intern does not need the same access level as the CEO. It is therefore a severe problem if a future security vulnerability that allows access to the internal network eliminates all safety precautions. If the financial incentive is big enough, it should also be no problem for attackers (competitors, business rivals) to either bribe one of your staff members or infiltrate your organization with somebody who reports back to them with all the data that appears well guarded when seen from the outside.



