
Network Vulnerability Assessment and Penetration Testing

Network Reconnaissance :

This is the first phase of testing, in which we enumerate the Internet-facing networks of the organization. For an external attacker, these will be the primary targets. If they are not scanned proactively, a rogue IP address may suddenly appear on the perimeter, or new ports may be opened for some reason, with no authorization or documentation for these critical network architecture changes. The point of this exercise is to find the number of reachable systems that we can then test for penetration. This is also known as network mapping or network reconnaissance.

Public Domain Sources :

An organization or its employees may knowingly or inadvertently reveal sensitive information on the World Wide Web. This could happen due to something as innocuous as a query posted on a peer mailing list. The administrator may end up disclosing critical details such as software versions, network architecture, etc. In this phase, we will scour the Internet looking for sensitive information available in the public domain.

Port Scanning :

Port scanning is one of the most important phases of a penetration testing attack. This will be the first tool used by an attacker once he has identified the IP address to be targeted. The key part here is to use multiple port-scanning tools in order to ensure the fewest false positives and the maximum information gathered. We typically use nmap and Superscan for this stage of the test.

Identification of Services :

Once the open ports have been enumerated, it is important to determine the services that are keeping those ports open. This is typically done by analyzing the banners returned when a default connection is made to the open port. The latest nmap version allows this to be done using the -sV switch. Superscan also displays the banners, which can be used to analyze the services. Nessus can also be used for this, although it will do much more than just identify the services.

Identification of Operating System :

System fingerprinting is the invasive probing of a system for responses that can be matched to a unique system type, down to the version level. This information can then be used in the following stages of vulnerability research and exploitation.

Identification of Vulnerabilities :

The first step in determining vulnerabilities through a penetration test is to go by the version numbers. This can be misleading at times, and the results may contain ‘false positives’. The next stage would be to run automated scanners such as Nessus. Again, it is important to choose the right set of tests and the correct Nessus configuration before starting the scan. Target-specific scanners such as Nikto for web servers can also be used.

Exploitation of Vulnerabilities :

Exploits may not always be used against production systems. However, if we have explicit permission from the organization, then we can run specific exploits depending upon the identified vulnerabilities. We source exploits from those found on the Internet and IRC channels, and also code our own. Our pen-testers are very well versed in the open source Metasploit Framework (www.metasploit.com), and we typically use it to code our own exploits.

Firewall / IDS / IPS Testing :

Here our objective is to determine the role of the firewall in the DMZ, and the policy it uses to accept or deny packets. This module is designed to assure that only packets which are expressly permitted are allowed into the network, and that all others are denied. The firewall controls traffic flow between the enterprise network, the DMZ and the Internet. We will be using tools such as hping2 and firewalk to test the firewall rulebase. Specific checks that will be carried out are:

Password Cracking :

This is the process of checking password strength through the use of automated password recovery tools. These tools perform password cracking in three forms: Common Passwords, Dictionary Passwords and Brute Force Attack. Our approach also includes manual password guessing techniques, which exploit default username and password combinations in applications or operating systems, Joe accounts, or easy-to-guess passwords resulting from user error.

VPN Testing :

VPNs allow authorized users increased access into the network. The VPN testing phase determines the following:

The successful completion of the project depends on the following assumptions :


Mail Server Testing :

Mail servers can be potential attack targets, and need to be thoroughly tested. Some of the tests that will be carried out include:

The cost of the Vulnerability Assessment and Penetration Test will be Rs. 45,000/- per branch and Rs. 50,000/- for the head office.

All Copyright Reserved © Ccure Ongo Pvt. Ltd. 2018