This document discusses network penetration testing conducted by Information Security Group. Network penetration testing uncovers network weaknesses before malicious hackers can exploit them. It involves testing a network from both external and internal perspectives to identify vulnerabilities. The methodology involves information gathering, analysis and planning, vulnerability identification, exploitation, risk analysis and remediation suggestions, and reporting. Specific vulnerabilities examined include open ports and services, packet sniffing, denial of service attacks, authentication issues, and more.
3. Open Ports/ Services, Open Ports and Services , OS
Hacker targets in a Packet Sniffing fingerprinting
Router Vulnerabilities exploits Liberal Access Control
typical network ARP spoofing, Cryptography Lists(ACL)
Denial of Service
infrastructure Hardware, Firmware, Software
Denial of Service
Hardware, Firmware, Software
specific vulnerabilities specific vulnerabilities
Switch
Open Ports and Services
User Authentication , Authorization
issues, Cryptography
Remote code execution, File Web Server
Upload, XSS
Server misconfiguration exploits
Denial of Service
Hardware, Firmware, Software specific
vulnerabilities
App Server
Open Ports and Services
Hacker Authentication , Authorization
issues, Cryptography
Buffer Overflows
Denial of Service
DBMS misconfiguration exploits
Hardware, Firmware, Software specific
vulnerabilities
DB Server