EXTERNAL PENETRATION TESTING / VULNERABILITY ASSESSMENT METHODOLOGY

SPI has developed a methodology for conducting professional penetration tests and vulnerability assessments. A penetration test (pen test), commonly known as ethical hacking, simulates an attack on systems in order to assess the security of the hosts, the data they store, and the applications and services they expose. By conducting a controlled simulation of an attack, a penetration test uncovers the security flaws an attacker could actually exploit, rather than only listing theoretical weaknesses. The methodology follows the phases shown in the diagram below. Comprehensive tests are carried out to check for security weaknesses on the devices listed in the scope of work; systems outside that scope are not tested.


Security Penetration Testing - Attack Tree

1.   Information Gathering
This phase gathers specific information about the target network so that the later attack phases can be carried out with maximum precision. We perform reconnaissance to build a picture of the network, including its topology, devices and hosts, and exposed services. This is achieved through:

  • Ping sweeping

  • The IP address ranges the target organization owns are pinged to find out which hosts are alive. A firewall configured to drop ICMP echo requests hides the hosts behind it from a ping sweep; such hosts are not assumed to be down but are port scanned directly, since a TCP or UDP probe will still reveal them.

  • Port scanning

  • Port scanning is the active probing of transport-layer (TCP and UDP) ports on each host. It is used to enumerate live or Internet-accessible services and, by scanning through the firewall, to find additional live systems that the ping sweep missed. When we have been given target URLs rather than addresses, we use manual techniques (for example DNS lookups and WHOIS records) to determine the network addresses to scan. Information about the target's upstream provider network, the distance (number of hops) from the attack station, and network parameters such as RTT (round trip time) are also collected, typically with traceroute-style probes.

2.   Network Enumeration
During the network enumeration phase we determine the operating platform of each discovered host and the services running on the identified ports. This is achieved through:

  • System fingerprinting

  • This is the active probing of a system for responses (for example, how its TCP/IP stack answers unusual or malformed packets) that distinguish one platform from another, down to the operating system and version level.

  • Services identification

  • This is the active examination of the application listening behind each open port. It is achieved through banner grabbing: connecting to the open ports found during port scanning, reading the greeting or response the service returns, and identifying the running application and its version from it. Administrators can alter or suppress banners, so a banner is treated as a lead to be confirmed against the service's actual behaviour rather than as proof. The information gathered in this phase builds a picture, or "footprint", of the target network's electronic perimeter and serves as the introduction to the systems to be tested.
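The port scanning and banner grabbing steps from the two phases above, shown as a small working tool. This is an added example written for this page, not SPI's own tooling. It uses a plain TCP connect scan (a full three-way handshake, not a SYN scan, so no raw sockets are needed), reads whatever greeting the service volunteers, and matches it against a couple of banner rules for SSH and SMTP; the two listeners it scans are constructed in-process on 127.0.0.1 with made-up banners so the example runs offline, and the rule set is deliberately tiny. The ping sweep is not shown because ICMP requires raw-socket privileges.

```python
"""TCP connect scan plus banner grab against constructed local listeners.

Added example for this page; not SPI's tooling. Everything it scans is
started by demo() on 127.0.0.1, so it runs offline with no privileges.
"""
import re
import socket
import threading
from typing import Dict, List, Optional, Tuple

# Constructed banners for the demo listeners (not captured from real hosts).
DEMO_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_7.4\r\n",
    "smtp": b"220 mail.example.test ESMTP Postfix\r\n",
}

# Banner pattern -> service name. Named groups pull out product and version.
# Real tools carry thousands of such rules; two are enough to show the idea.
BANNER_RULES = [
    (re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)_(?P<version>[\w.]+)"), "ssh"),
    (re.compile(r"^220 .*?(?P<product>Postfix|Exim|Sendmail)(?: (?P<version>[\w.]+))?"), "smtp"),
]


def tcp_connect(host: str, port: int, timeout: float = 0.5) -> Optional[socket.socket]:
    """Phase 1 probe: full TCP connect. Returns a socket if open, None if closed/filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return s
    except (OSError, socket.timeout):
        s.close()
        return None


def grab_banner(sock: socket.socket, max_bytes: int = 256) -> str:
    """Phase 2 probe: read the greeting many services send right after connect."""
    try:
        data = sock.recv(max_bytes)
    except (OSError, socket.timeout):
        data = b""  # silent service: nothing volunteered within the timeout
    finally:
        sock.close()
    return data.decode("ascii", errors="replace").strip()


def identify_service(banner: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Map a banner to (service, product, version); 'unknown' when no rule matches."""
    for rule, service in BANNER_RULES:
        m = rule.match(banner)
        if m:
            groups = m.groupdict()
            return service, groups.get("product"), groups.get("version")
    return "unknown", None, None


def scan(host: str, ports: List[int]) -> Dict[int, dict]:
    """Connect scan plus banner grab; only ports that accepted a connection appear."""
    results: Dict[int, dict] = {}
    for port in ports:
        sock = tcp_connect(host, port)
        if sock is None:
            continue
        banner = grab_banner(sock)
        service, product, version = identify_service(banner)
        results[port] = {"banner": banner, "service": service,
                         "product": product, "version": version}
    return results


def _serve_banner(banner: bytes) -> Tuple[socket.socket, int]:
    """Demo helper: a throwaway listener on 127.0.0.1 that sends `banner` and hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(5)

    def loop() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed by demo(); stop serving
            with conn:
                conn.sendall(banner)

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo() -> Dict[int, dict]:
    """Scan two constructed listeners and one port known to be closed."""
    srv_ssh, p_ssh = _serve_banner(DEMO_BANNERS["ssh"])
    srv_smtp, p_smtp = _serve_banner(DEMO_BANNERS["smtp"])
    # Obtain a closed port: bind, note the number, release it; connects are refused.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    p_closed = tmp.getsockname()[1]
    tmp.close()
    try:
        return scan("127.0.0.1", [p_ssh, p_smtp, p_closed])
    finally:
        srv_ssh.close()
        srv_smtp.close()


if __name__ == "__main__":
    for port, info in demo().items():
        print(f"{port}/tcp open  {info['service']:<8} {info['product']} {info['version']}  ({info['banner']})")
```

Two design points worth noting. The closed port is dropped from the result rather than reported as "closed", because a connect scan cannot tell a refused connection from a filtered one without timing information, and a report should not claim more than the probe showed. The banner rules return the product and version separately so that later analysis can compare the version against advisories, but the identification is still only what the service said about itself, which is why the text above treats it as a lead to be confirmed.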

3.   Assessment & Analysis
This phase involves both automated and manual scanning of the target network, probing for vulnerabilities that could be exploited to gain unauthorized access. Based on the information gained in the previous phases, an analysis is conducted to identify the security holes and vulnerabilities that actually apply to each target host or service; scanner output is verified against the identified platforms and versions rather than reported as-is.

4.   Network / Application Penetration
Based on the vulnerabilities identified in the previous phase, we attack the targets using exploits for those vulnerabilities to demonstrate what an attacker could achieve. Some penetration techniques may involve privilege escalation, password cracking or denial of service testing; denial of service tests are performed only when explicitly authorized in the scope of work, because they can disrupt production systems.

5.   Report and Documentation
In the final phase we produce a consolidated report detailing the results obtained during the tests. It records each identified vulnerability together with its solution or workaround, including the system hardening, patching and other security controls required to remediate the discovered vulnerabilities.


Copyright © 2006 Software Paradigms International Inc.