The paper focused on options for examining the organization's local area network for external sources of access. The approaches to finding the points of interaction of a potential attacker with the system are described. A variant of solving the problem of the impossibility of using the existing information system by using a virtual environment is also proposed. Thus, it becomes possible to test the information system for the presence of security threats, on a model that is as close to reality as possible.