Segmentation And Trust
The first thing to check is if your network has any partitioning. However, our central concern is the presence of real, not nominal, partitioning, so we do far more than simply ask you a checklist of questions about your networks. We aim to directly assess whether VLANs enforce the boundaries they imply, and whether a user subnet can reach servers and interfaces they should never need to touch. We test segmentation practically rather than on paper: from a representative starting point, we attempt to actually reach the systems that are supposed to be unreachable, because a VLAN documented as isolated but routing anyway is worse than no claim of isolation. We test the classic internal attacks - ARP spoofing and man-in-the-middle positioning, VLAN hopping, rogue device insertion - and examine firewall and router rule sets for the permissive any-any rules that accumulate over years.