Network penetration testing

Published in: Technology


Transcript

  • 1. © Copyright 2011. Pramati Technologies Private Limited. All trade names and trade marks are owned by their respective owners. Information Security Group (ISG) Network Penetration Testing reachus@imaginea.com
  • 2. Network Penetration Testing Overview
      The contemporary way of working with networks, as well as connecting with third parties, has left many firms exposed to malicious attacks and with vulnerable areas that they aren't even conscious of yet. Network penetration testing uncovers network weaknesses before a malicious hacker does. It includes testing from an external network and from an internal network.
  • 3. [Diagram: Hacker targets in a typical network infrastructure. Components shown: Router, Switch, Web Server, App Server, DB Server. Attack classes labelled on the diagram: open ports and services; OS fingerprinting; packet sniffing; ARP spoofing; router vulnerabilities exploits; liberal Access Control Lists (ACL); cryptography; user authentication and authorization issues; remote code execution; file upload; XSS; buffer overflows; server misconfiguration exploits; DBMS misconfiguration exploits; Denial of Service; hardware, firmware and software specific vulnerabilities.]
  • 4. Penetration Testing Methodology
      • Step 1: Information Gathering
      • Step 2: Analysis and Planning
      • Step 3: Vulnerability Identification
      • Step 4: Exploitation
      • Step 5: Risk Analysis and Remediation Suggestion
      • Step 6: Reporting
  • 5. Information Gathering Template (columns: Information Required, Data)
      • Organization name
      • Network diagram with details of the major network components (router, gateway, firewall, servers, user machines) and their communication paths
      • Specify timings in which testing can be performed. Note: Network penetration testing could increase network traffic considerably.
      • Specify timings for testing Denial of Service attacks and other applicable attacks. Note: DOS attacks could increase network traffic significantly and may bring the network down.
      • Specify if there are any restrictions on testing some critical systems in the network.
      • Provide access to one of the internal IPs in the organization.
      • Scope of the test: specify all IP addresses of the systems to be tested from external and internal networks. For each system, give:
          • Target machine IP address (Eg: 196.0.0.1)
          • Whether the IP address is accessible to the public network or limited to the organization's internal network (Eg: Public IP)
          • Purpose of the machine: router, gateway, server etc. (Eg: Router)
  • 6. Analysis and Planning
      • Analysis
          • Verification of given information
          • Client communication for clarifications (if any)
          • Understanding the network topology and communication mechanisms
          • Identification of critical network components and corresponding vulnerabilities to be tested
      • Planning
          • Test modularization based on target machines or vulnerability focus areas
          • Plan for external and internal network testing
          • Plan for manual security testing phase
          • Plan for automation testing phase
          • Plan for exploitation phase
          • Plan for risk analysis and reporting phases
          • Time estimates for each of the phases
  • 7. Vulnerability Identification: Focus Areas
      • Open ports and services
      • OS fingerprinting
      • Input Validation: Cross Site Scripting, Buffer Overflow, File Upload, Remote Command Execution
      • Authentication: Authentication Bypass, weak passwords, default usernames/passwords enabled
      • Cryptography: plain text passwords stored in database/files, Weak Encryption, Weak Key, WEP key used for wireless encryption
      • Authorization: Privilege Escalation
      • Gaining Access
      • ARP Spoofing
      • Packet Sniffing
  • 8. Vulnerability Identification: Focus Areas (continued)
      • Information Leakage: Sensitive Data Revealed
      • System Configuration: unpatched software and resulting vulnerabilities, liberal Access Control Lists, published vulnerabilities specific to OS/Software/Service
      • Denial of Service: SYN flood, UDP flood, ICMP flood, ARP Spoofing, Ping to Death, Distributed Denial of Service
      Note: This is not an exhaustive list of vulnerabilities. More vulnerabilities will be added to the list based on the technology/requirement/latest threats.
  • 9. Vulnerability Identification: Vulnerability Testing Phases
      • Automatic scanning of target machines using tools and analysis of the results for false positives
          • Port and services scanning
          • OS fingerprinting
          • Vulnerability scanning
          • Password cracking/brute force
      • Exhaustive manual penetration testing of each target machine and vulnerability focus areas
          • Packet sniffing
          • Cryptography issues
          • Published vulnerabilities specific to the target machine/OS/Software/Service
          • Default usernames/passwords enabled
      • Identification of list of network vulnerabilities from manual and automation testing results
  • 10. Vulnerability Identification: Tools
      Backtrack5, an open source Linux-based OS that contains a penetration testing toolkit, will be used for network penetration testing. Open source Perl scripts will be used for DOS attacks.
      Common toolkits (tool: purpose):
      • Nmap: port scanning, OS fingerprinting
      • Nessus, Nsauditor: network vulnerability scanner
      • Cain and Abel, John the Ripper, THC Hydra: password cracking tools
      • ADMSnmp: to check default community strings
      • IKE-Scan: to detect VPN server and version
      • SMTPScan: to obtain SMTP server and version
      Note: More tools will be added to the list based on the technology, need or latest advancements.
  • 11. Exploitation
      Attacks will be performed on application machines without causing much damage to the application resources and infrastructure. This phase is required in network penetration testing to identify certain vulnerabilities in the target machines, such as:
      • Denial of Service
      • Escalation of privileges
      • Gaining access
      • Man In The Middle (MITM) network traffic
      • ARP spoofing
      • WEP cracking
      • Published exploit scripts specific to OS/Software/Service
      Note: This is not an exhaustive list of vulnerabilities. More vulnerabilities will be added to the list based on the requirement.
  • 12. Exploitation: Exploitation Toolkits (tool: purpose)
      • UDP Flood: Denial of Service attack using UDP packet flood
      • SYN Flood: Denial of Service attack using SYN packet flood
      • Ping to Death: Denial of Service
      • Smurf6: Denial of Service using ICMP packet flood in broadcast network
      • Cisco Global Exploiter: exploit published Cisco vulnerabilities
      • Metasploit Framework, Core Impact: exploitation tool
      • Wireshark: network packet sniffing
      • Aircrack-ng, Airodump-ng, Airmon-ng: wireless packet sniffing, WEP key cracking
      • Aireplay-ng: de-authentication of a client, Denial of Service attacks
      • ARPSpoof: ARP spoofing
      Note: This is not an exhaustive list of vulnerabilities. More vulnerabilities will be added to the list based on the requirement.
  • 13. Risk Analysis and Remediation Suggestion
      • Risk Analysis
          • Estimation of the likelihood of attack
          • Estimation of the impact of a successful attack
          • Evaluate overall risk of the vulnerability: Risk = Likelihood * Impact
          • OWASP Risk Rating Methodology is used as a guidance. Ref: https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
      • Remediation Suggestion
          • Remediation measures will be suggested for each vulnerability identified.
          • Priority for remediation will be suggested based on the risk rating of the vulnerability.
  • 14. Report Template
      • Brief summary of the network: brief description of the network, including critical components in the network, type of communication used, public IPs available etc.
      • Network security summary report: brief description of the overall security status and the list of major security vulnerabilities identified.
      • Vulnerability details for each identified vulnerability:
          • Vulnerability classification and name
          • Description of the vulnerability
          • Vulnerability details
          • Remediation suggestions
          • Vulnerability risk rating (Likelihood, Impact, Overall Risk)
  • 15. Security as a Service http://www.imaginea.com reachus@imaginea.com
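
The risk rating step on slide 13, which also feeds the Likelihood, Impact and Overall Risk fields of the slide 14 report template, worked as an added example that is not part of the original deck. It follows the OWASP Risk Rating Methodology's 0-9 factor scale, its LOW/MEDIUM/HIGH bands and its severity matrix, then orders findings for remediation; the findings, their factor scores and all function names are constructed for illustration.

```python
# Overall severity matrix from the OWASP Risk Rating Methodology,
# keyed (likelihood band, impact band).
SEVERITY = {
    ("LOW", "LOW"): "Note",    ("MEDIUM", "LOW"): "Low",       ("HIGH", "LOW"): "Medium",
    ("LOW", "MEDIUM"): "Low",  ("MEDIUM", "MEDIUM"): "Medium", ("HIGH", "MEDIUM"): "High",
    ("LOW", "HIGH"): "Medium", ("MEDIUM", "HIGH"): "High",     ("HIGH", "HIGH"): "Critical",
}
ORDER = ["Note", "Low", "Medium", "High", "Critical"]

def score(factors):
    """Average a list of 0-9 factor scores, rejecting values outside the scale."""
    if not factors or any(not 0 <= f <= 9 for f in factors):
        raise ValueError("each factor must be scored 0-9")
    return sum(factors) / len(factors)

def band(value):
    """OWASP bands: 0 to <3 is LOW, 3 to <6 is MEDIUM, 6 to 9 is HIGH."""
    return "LOW" if value < 3 else "MEDIUM" if value < 6 else "HIGH"

def rate(finding):
    """Return the likelihood, impact and overall risk fields for one finding."""
    likelihood = score(finding["likelihood"])
    impact = score(finding["impact"])
    return {"name": finding["name"], "likelihood": likelihood, "impact": impact,
            "risk": SEVERITY[(band(likelihood), band(impact))]}

def prioritise(findings):
    """Highest overall risk first; ties broken by the likelihood * impact product."""
    rated = [rate(f) for f in findings]
    return sorted(rated, key=lambda r: (ORDER.index(r["risk"]),
                                        r["likelihood"] * r["impact"]), reverse=True)

# Constructed sample findings (not from the deck). "likelihood" holds the eight
# threat-agent and vulnerability factors, "impact" the four technical-impact factors.
FINDINGS = [
    {"name": "SMTP banner discloses server version",
     "likelihood": [3, 1, 4, 9, 9, 1, 9, 8], "impact": [2, 0, 0, 1]},
    {"name": "WEP key used for wireless encryption",
     "likelihood": [6, 4, 7, 6, 7, 9, 9, 8], "impact": [7, 5, 5, 7]},
    {"name": "Default SNMP community string enabled",
     "likelihood": [5, 4, 4, 6, 7, 5, 6, 3], "impact": [6, 2, 2, 2]},
]

if __name__ == "__main__":
    for r in prioritise(FINDINGS):
        print(f'{r["risk"]:<8} L={r["likelihood"]:.2f} I={r["impact"]:.2f}  {r["name"]}')
```

The matrix, rather than the raw product, sets the reported rating; the product only orders findings that land in the same severity.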