Sure, attacking your network is a good way to assess your vulnerabilities. I think the question to ask yourself is, do you know enough about the different types of vulnerabilities and the tools needed to find the holes to be able to make an accurate assessment, if the answer is no, find a company that will do it for you. They will find things you wouldn't think to look for.