1. © Copyright 2011. Pramati Technologies Private Limited. All trade names and trade marks are owned by their respective owners.
Information Security Group (ISG)
Network Penetration Testing
reachus@imaginea.com
2.
Network Penetration Testing
Overview
The contemporary way of operating networks and connecting with third parties has left many firms exposed to malicious attacks, with vulnerable areas they are not yet even aware of.
Network penetration testing uncovers network weaknesses before a malicious hacker does.
Network penetration testing includes testing from both an external network and the internal network.
3. Hacker targets in a typical network infrastructure
Switch
    Open Ports/Services
    Packet Sniffing
    ARP spoofing
    Denial of Service
    Hardware, Firmware, Software specific vulnerabilities
Router
    Open Ports and Services
    OS fingerprinting
    Router vulnerability exploits
    Liberal Access Control Lists (ACL)
    Cryptography
    Denial of Service
    Hardware, Firmware, Software specific vulnerabilities
Web Server, App Server
    Open Ports and Services
    User Authentication, Authorization issues, Cryptography
    Remote code execution, File Upload, XSS
    Server misconfiguration exploits
    Denial of Service
    Hardware, Firmware, Software specific vulnerabilities
DB Server
    Open Ports and Services
    Authentication, Authorization issues, Cryptography
    Buffer Overflows
    Denial of Service
    DBMS misconfiguration exploits
    Hardware, Firmware, Software specific vulnerabilities
4.
Penetration Testing Methodology
Step 1
• Information Gathering
Step 2
• Analysis and Planning
Step 3
• Vulnerability Identification
Step 4
• Exploitation
Step 5
• Risk Analysis and Remediation Suggestion
Step 6
• Reporting
5.
Information Gathering Template
Information Required (the Data column is filled in by the client):
    Organization Name
    Network diagram with details of the major network components (router, gateway, firewall, servers, user machines) and their communication paths
    Specify timings in which testing can be performed
        Note: Network penetration testing could increase network traffic considerably
    Specify timings for testing Denial of Service attacks and other applicable attacks
        Note: DoS attacks could increase network traffic significantly and may bring the network down
    Specify if there are any restrictions on testing some critical systems in the network
    Provide access to one of the internal IPs in the organization
    Scope of the Test: specify all IP addresses of the systems to be tested from external and internal networks
Scope table (one row per target):
    Target machine IP address (specify whether the IP address is accessible from the public network or limited to the organization's internal network) | Purpose of the machine (Router, Gateway, server etc)
    (Eg: 196.0.0.1, Public IP) | (Eg: Router)
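A scope-table sanity check in the format of the template above, added here as an example (not part of the original deck): rows are "IP, exposure, purpose" as in the slide; the addresses other than the slide's 196.0.0.1 are constructed, and the check flags rows whose declared exposure contradicts the address type before any scanning starts.

```python
import ipaddress

# Constructed sample scope rows in the template's format:
# "Target machine IP address, Public/Internal IP, Purpose of the machine".
# Only 196.0.0.1 comes from the slide; the other values are made up.
SCOPE_ROWS = """
196.0.0.1, Public IP, Router
10.10.5.20, Internal IP, DB Server
192.168.1.300, Public IP, Gateway
172.16.4.9, Public IP, Web Server
"""


def parse_scope(text):
    """Parse 'ip, exposure, purpose' rows into dicts; blank lines are skipped."""
    rows = []
    for line in text.strip().splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            raise ValueError(f"malformed scope row: {line!r}")
        rows.append({"ip": parts[0], "exposure": parts[1], "purpose": parts[2]})
    return rows


def check_scope(rows):
    """Return (ip, problem) pairs for rows that need clarification with the client.

    A row declared 'Public IP' must carry a globally routable address
    (RFC 1918 and other non-global ranges cannot be public); a row declared
    internal but carrying a globally routable address is flagged for confirmation.
    """
    problems = []
    for row in rows:
        try:
            addr = ipaddress.ip_address(row["ip"])
        except ValueError:
            problems.append((row["ip"], "not a valid IP address"))
            continue
        declared_public = row["exposure"].lower().startswith("public")
        if declared_public and not addr.is_global:
            problems.append((row["ip"], "declared public but address is not globally routable"))
        elif not declared_public and addr.is_global:
            problems.append((row["ip"], "declared internal but address is globally routable"))
    return problems
```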
6.
Analysis and Planning
Analysis
Verification of given information
Client communication for clarifications (if any)
Understanding the network topology and communication mechanisms
Identification of critical network components and corresponding vulnerabilities to be
tested
Planning
Test modularization based on target machines or vulnerability focus areas
Plan for external and internal network testing
Plan for manual security testing phase
Plan for automation testing phase
Plan for exploitation phase
Plan for risk analysis and reporting phases
Time estimates for each of the phases
7.
Vulnerability Identification
Focus Areas
Open ports and services
OS fingerprinting
Authentication
    Authentication Bypass
    Weak passwords
    Default usernames/passwords enabled
    Plain text passwords stored in database/files
Authorization
    Privilege Escalation
    Gaining Access
ARP Spoofing
Packet Sniffing
Input Validation
    Cross Site Scripting
    Buffer Overflow
    File Upload
    Remote Command Execution
Cryptography
    Weak Encryption
    Weak Key
    WEP key used for wireless encryption
8.
Vulnerability Identification
Focus Areas
Information Leakage
    Sensitive Data Revealed
Denial of Service
    SYN flood
    UDP flood
    ICMP flood
    Ping to Death
    Distributed Denial of Service
System Configuration
    Unpatched software and resulting vulnerabilities
    Liberal Access Control Lists
    Published vulnerabilities specific to OS/Software/Service
    ARP Spoofing
Note: This is not an exhaustive list of vulnerabilities. More vulnerabilities will be added to the list based on the technology, requirement and latest threats.
9.
Vulnerability Identification
Vulnerability Testing Phases
Automatic scanning of target machines using tools, and analysis of the results for false positives
    Port and Services scanning
    OS fingerprinting
    Vulnerability Scanning
    Password cracking/brute force
Exhaustive manual penetration testing of each target machine and vulnerability focus area
    Packet sniffing
    Cryptography issues
    Published vulnerabilities specific to the target machine/OS/Software/Service
    Default usernames/passwords enabled
Identification of the list of network vulnerabilities from the manual and automated testing results
10.
Vulnerability Identification
Tools
BackTrack 5, an open-source Linux-based OS that bundles a penetration testing toolkit, will be used for network penetration testing.
Open-source Perl scripts will be used for DoS attacks.
Common toolkits:
Tool | Purpose
Nmap | Port scanning, OS fingerprinting
Nessus, Nsauditor | Network vulnerability scanner
Cain and Abel, John the Ripper, THC Hydra | Password cracking tools
ADMSnmp | To check default community strings
IKE-Scan | To detect VPN server and version
SMTPScan | To obtain SMTP server and version
Note: More tools will be added to the list based on the technology, need or latest advancements.
11.
Exploitation
Attacks will be performed on the target machines without causing significant damage to the application resources and infrastructure. This phase is required in network penetration testing to confirm certain vulnerabilities in the target machines, such as:
Denial of Service
Escalation of privileges
Gaining access
Man In The Middle (MITM) of network traffic
ARP spoofing
WEP cracking
Published exploit scripts specific to OS/Software/Service
Note: This is not an exhaustive list of vulnerabilities. More vulnerabilities will be added to the list based on the requirement.
12.
Exploitation
Exploitation Toolkits
Tool | Purpose
UDP Flood | Denial of Service attack using UDP packet flood
SYN Flood | Denial of Service attack using SYN packet flood
Ping to Death | Denial of Service
Smurf6 | Denial of Service using ICMP packet flood in a broadcast network
Cisco Global Exploiter | Exploit published Cisco vulnerabilities
Metasploit Framework, Core Impact | Exploitation tool
Wireshark | Network packet sniffing
Aircrack-ng, Airodump-ng, Airmon-ng, Aireplay-ng | Wireless packet sniffing, WEP key cracking, de-authentication of a client, Denial of Service attacks
ARPSpoof | ARP spoofing
Note: This is not an exhaustive list. More tools will be added to the list based on the requirement.
13.
Risk Analysis and Remediation Suggestion
Risk Analysis
Estimation of the Likelihood of attack
Estimation of the Impact of a successful attack
Evaluate overall RISK of the vulnerability
Risk = Likelihood * Impact
The OWASP Risk Rating Methodology is used as guidance.
Ref: https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
Remediation Suggestion
Remediation measures will be suggested for each vulnerability identified. The priority for remediation will be suggested based on the risk rating of the vulnerability.
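The OWASP Risk Rating Methodology referenced above, worked through in code as an added example (not from the original deck): each factor is scored 0 to 9, likelihood and impact are the averages of their factor groups, banded LOW (below 3), MEDIUM (3 to below 6) and HIGH (6 and above), Risk = Likelihood * Impact is kept as the numeric score, and the overall severity comes from the OWASP likelihood x impact matrix. The sample finding and its scores are constructed for illustration.

```python
# Factor scores are 0-9 as in the OWASP Risk Rating Methodology.
LIKELIHOOD_FACTORS = ("skill_level", "motive", "opportunity", "size",
                      "ease_of_discovery", "ease_of_exploit", "awareness",
                      "intrusion_detection")
IMPACT_FACTORS = ("loss_of_confidentiality", "loss_of_integrity",
                  "loss_of_availability", "loss_of_accountability",
                  "financial_damage", "reputation_damage", "non_compliance",
                  "privacy_violation")

# OWASP overall severity matrix, indexed SEVERITY[impact_level][likelihood_level]
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}


def band(score):
    """Map a 0-9 average to the OWASP LOW / MEDIUM / HIGH band."""
    if score < 3:
        return "LOW"
    return "MEDIUM" if score < 6 else "HIGH"


def average(factors, scores):
    """Average one factor group, refusing missing or out-of-range scores."""
    missing = [f for f in factors if f not in scores]
    if missing:
        raise ValueError(f"missing factor scores: {missing}")
    bad = [f for f in factors if not 0 <= scores[f] <= 9]
    if bad:
        raise ValueError(f"scores must be 0-9: {bad}")
    return sum(scores[f] for f in factors) / len(factors)


def rate(likelihood_scores, impact_scores):
    """Return likelihood, impact, Risk = Likelihood * Impact and OWASP severity."""
    lik = average(LIKELIHOOD_FACTORS, likelihood_scores)
    imp = average(IMPACT_FACTORS, impact_scores)
    return {"likelihood": lik, "impact": imp, "risk": lik * imp,
            "likelihood_level": band(lik), "impact_level": band(imp),
            "overall": SEVERITY[band(imp)][band(lik)]}


# Constructed sample finding (scores are illustrative, not measured):
# a router that accepts a default SNMP community string.
SAMPLE_LIKELIHOOD = {"skill_level": 5, "motive": 4, "opportunity": 9, "size": 9,
                     "ease_of_discovery": 7, "ease_of_exploit": 5,
                     "awareness": 9, "intrusion_detection": 8}
SAMPLE_IMPACT = {"loss_of_confidentiality": 6, "loss_of_integrity": 5,
                 "loss_of_availability": 5, "loss_of_accountability": 7,
                 "financial_damage": 3, "reputation_damage": 4,
                 "non_compliance": 5, "privacy_violation": 3}
```

For the sample, `rate(SAMPLE_LIKELIHOOD, SAMPLE_IMPACT)` gives likelihood 7.0 (HIGH), impact 4.75 (MEDIUM), risk 33.25 and overall severity "High", which is what drives the remediation priority in the report.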
14.
Report Template
Brief summary of the Network
Brief description of the network, including the critical components in the network, the type of communication used, the public IPs available, etc.
Network Security Summary report
Brief description of the overall security status and the list of major security vulnerabilities
identified.
Vulnerability details for each identified vulnerability:
Vulnerability Classification and Name
Description of the vulnerability
Vulnerability details
Remediation Suggestions
Vulnerability Risk Rating (Likelihood, Impact, Overall Risk)
15.
Security as a Service
http://www.imaginea.com
reachus@imaginea.com