All Collections
Vulnerability assessments
What do I need to know and prepare before my internal network vulnerability assessment?
What do I need to know and prepare before my internal network vulnerability assessment?

Technical/administrative preparations to make before a network vulnerability assessment

Brian Johnson avatar
Written by Brian Johnson
Updated over a week ago

Before conducting a network penetration test, 7 Minute Security will have a scoping call with you to ensure we understand:

  • The goals of the test

  • The endpoints in (and out of) scope

  • Any timing restrictions (when we can and can not test)

Once those guidelines are established, we will provide a secure file transfer you can use to send the following information:

  1. IP addresses in scope for pentesting
    Please provide 7 Minute Security with a list of subnets we should test, and any hosts that should not be touched.

  2. An administrative Active Directory user account to scan systems with
    7 Minute Security needs an Active Directory account with Domain Administrator privileges (or workgroup equivalent) to conduct vulnerability scanning. This allows for a deeper scan of each endpoint, and point out potential risks such as:

    • Missing operating system patches

    • Missing third party software patches

      System misconfigurations

  3. Permission to conduct scanning
    You will need to secure necessary permissions for 7 Minute Security to scan and/or pentest the infrastructure that is in scope for testing - be that from internal departments or relevant third parties (ISPs, MSPs, etc.).

  4. Testing restrictions
    7 Minute Security needs to be made aware of any testing restrictions (i.e. time windows when testing can and cannot not occur).

  5. Three (3) IP addresses to use for the duration of the test
    Our pentest sensor requires three (3) IP addresses to use for the duration of the assessment. It is easiest for us if we are plugged into a network with DHCP enabled, but we can also assign static IPs to the device if required.

  6. Configure network allow-lists
    7 Minute Security uses Splashtop to be able to manage penetration tests remotely. From the network that our scanning device will be plugged into, please run the Splashtop connectivity check and make sure you get a result similar to this screenshot:

  7. Preferences for communication methods and cadence
    Let 7 Minute Security know how you would best like to communicate about the vulnerability assessment as we work through it. We can provide updates via email, text, Teams, or other communication method of your choice.

Did this answer your question?