Hi Taras,
There are many things to check. Some things that springs to mind are:
- Access level on desktop PC
- Check the shares resources permissions
- Patch level on servers
- Wireless connections
- Sniffing
- Footprinting
- Physical security
- Internal ports on servers
- Check for unnecesary servers
- Unnecesary dial-up connections
And much more...
some useful links:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.penetration-testing.com/
http://www.securestate.com/Profiling/Pages/Internal-Pen-Test.aspx
Regards
Ramiro
Taras P. Ivashchenko wrote:
> Hello, everybody!
>
> Is anybody made internal pen-tests?
> What is the difference between external pen-test and internal?
> As I think, in internal ARP spoofing, sniffing are possible, something more?
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on Jul 02 2008
Intro
