This nice article details a step by step approach of what the author needed to do to try and hack some intranet site (by request). It then details all the mitigation steps needed to make sure something like that can never happen again. Enlightening.