Published by Enhelion, 2019-11-19 14:47:28

EH - Module 1

MODULE 1

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing (VAPT) is a systematic analysis of the security
status of information systems.

What is Vulnerability Assessment and Penetration Testing?
In simple terms, vulnerability assessment and penetration testing are two different and
complementary proactive approaches to assessing the security posture of an information system's
network. A vulnerability assessment is conducted to test the security posture of the information
system both internally and externally. Penetration tests provide evidence that the
vulnerabilities really exist by showing that network penetration is actually possible. They provide
a blueprint for remediation.
Penetration tests can be automated with the help of software applications or performed
manually. Regardless of the method, the process includes gathering information about the
target before the test (reconnaissance), identifying possible entry points, attempting to break in
(either virtually or for real) and reporting back the findings.
The aim of penetration testing is to determine security weaknesses. A pen test can also be used
to test an organization's security policy compliance, its employees' security awareness and the
organization's ability to identify and respond to security incidents; the pen testers who carry out
the simulated attack are also known as the "Red Team".

Why do we need penetration testing?
With the massive increase in cyber-attacks, it is more important than ever before to undertake
regular vulnerability scans and penetration testing to identify vulnerabilities and ensure that
the cyber controls are working on a regular basis.
A Senior Consultant explains: "Vulnerability scanning examines the exposed assets (network,
server, applications) for vulnerabilities – the downside of a vulnerability scan is that false
positives are frequently reported. False positives may be a sign that an existing control is not
fully effective, i.e. sanitizing of application input and output, especially on web applications."

"Penetration testing looks at vulnerabilities and will try and exploit them. The testing is often
stopped when the objective is achieved, i.e. when access to a network has been gained - this
means there can be other exploitable vulnerabilities not tested."

Organizations need to conduct routine testing of their systems for the following key reasons:

• To determine the weaknesses in the infrastructure (hardware), applications (software) and
people, in order to develop the necessary security controls.

• To ensure controls have been implemented and are effective. This gives assurance to
information security and senior management.

• To test applications that are often the gateways of attack. Applications are built by
people who can make mistakes in spite of the best practices in software development.

• To discover new bugs in existing software. While patches and updates can fix existing
vulnerabilities, they can also introduce new vulnerabilities.

What are the benefits of a Pen-Test?

• Avoids network downtime due to a breach.
• Discovers the methods that hackers use to compromise the network.
• Enhances the effectiveness of the overall security life cycle.
• Provides a strong basis for determining appropriate security budgets.
• Helps in business continuity.
• Decreases the possibility of real-time attacks.
• Preserves company reputation.

Vulnerability Assessment vs. Penetration Testing

1. Vulnerability Assessment

A vulnerability assessment is conducted to find vulnerabilities and to take a more holistic
look at security. Penetration testing is a focused attack on a single vulnerability or a few
vulnerabilities that are usually already known to exist or are suspected of existing.
Vulnerabilities now extend beyond technology: operational processes like patch
management and incident management have a significant impact on the vulnerability
lifecycle. Vulnerability analysis can forecast the effectiveness of recommended countermeasures
and evaluate their actual effectiveness after they are put into use.

A. Reasons for Vulnerability Existence
1. Insecure coding practices.
2. Developer education not focused on security.
3. Limited testing budget and scope.
4. Disjointed security processes.
5. More resources outside than inside.

B. Steps for Vulnerability Assessment
1. Defining and classifying network or system resources.
2. Assigning relative levels of importance to the resources.
3. Identifying potential threats to each resource.
4. Developing a strategy to deal with the most serious potential problems first.
5. Defining and implementing ways to minimize the impact if an attack occurs.
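The five steps above are a procedure for prioritising risk rather than a tool, so here is an added worked example (written for this module, not taken from it or from any product) that carries steps 1 to 4 through in Python: assets are classified and given an importance, threats are attached to each, every asset/threat pair gets a risk score, and the pairs are ranked so the most serious problems are handled first. The multiplicative scoring, the band thresholds and the inventory itself are assumptions chosen for illustration; step 5 (impact-minimising controls) is a design activity and is not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class Threat:
    description: str
    likelihood: int   # 1 (rare) .. 5 (almost certain), the analyst's estimate
    impact: int       # 1 (negligible) .. 5 (severe)


@dataclass
class Asset:
    name: str
    category: str     # step 1: classification, e.g. "network", "server", "application"
    importance: int   # step 2: relative importance to the business, 1 .. 5
    threats: list = field(default_factory=list)   # step 3: threats identified for this asset


def risk_score(asset, threat):
    """Assumed scoring scheme: importance x likelihood x impact (range 1 .. 125).
    Any monotone scheme works as long as it is applied consistently across the inventory."""
    return asset.importance * threat.likelihood * threat.impact


def risk_band(score):
    """Assumed thresholds that turn a raw score into a severity label."""
    if score >= 75:
        return "critical"
    if score >= 40:
        return "high"
    if score >= 15:
        return "medium"
    return "low"


def prioritize(assets):
    """Step 4: rank every (asset, threat) pair so the most serious problems come first.
    Ties are broken by asset name and then description so the order is deterministic."""
    rows = [(risk_score(a, t), a.name, t.description) for a in assets for t in a.threats]
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))


def remediation_plan(assets, lowest_band="high"):
    """The findings to deal with first: everything at or above lowest_band, in ranked order."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    return [
        (score, name, desc, risk_band(score))
        for score, name, desc in prioritize(assets)
        if order[risk_band(score)] <= order[lowest_band]
    ]


# Constructed inventory for the example; names and numbers are illustrative only.
INVENTORY = [
    Asset("dmz-web-01", "application", 5, [
        Threat("Unpatched web framework", likelihood=4, impact=5),
        Threat("Weak admin password", likelihood=3, impact=4),
    ]),
    Asset("hr-fileshare", "server", 4, [
        Threat("Unauthenticated share access", likelihood=3, impact=5),
    ]),
    Asset("guest-wifi", "network", 2, [
        Threat("Open wireless access point", likelihood=5, impact=2),
    ]),
]

if __name__ == "__main__":
    for score, name, desc, band in remediation_plan(INVENTORY, lowest_band="low"):
        print(f"{score:4d} {band:8s} {name:14s} {desc}")
```

Running the block prints the full ranked list; the unpatched framework on the most important asset comes out on top (score 100, critical), the two score-60 findings follow, and the guest Wi-Fi issue (score 20, medium) is last. Re-running with a different `lowest_band` is how you would cut the list down to what the current budget can cover.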

Once the analysis has been completed, if security holes are found as a result of the vulnerability
analysis, a vulnerability disclosure may be required. The person or organization that discovers
the vulnerability, or a responsible industry body such as the Computer Emergency Readiness
Team (CERT), may make the disclosure. If the vulnerability is not classified as a high-level threat,
the vendor may be given a certain amount of time to fix the problem before the vulnerability is
disclosed publicly.

Limitations of Vulnerability Assessment:

1. Cannot exploit flaws
2. Is a hybrid solution
3. Cannot discover potential access path
4. Provides false positives

2. Penetration Testing
Penetration testing is a method of evaluating the security of a machine. Services are
evaluated to identify weaknesses, vulnerabilities, flaws and the absence of patches, and to
identify security holes, firewall misconfigurations and wireless access points.
It includes internal penetration testing and external penetration testing (done
remotely).

A. Internal Penetration Testing
1. Map the internal network.
2. Scan the network for live hosts.
3. Port scan individual machines.
4. Try to gain access using known vulnerabilities.
5. Attempt to establish null sessions.
6. Enumerate users/identify domains on the network.
7. Sniff the network using Wireshark.
8. Sniff POP3/FTP/Telnet passwords.
9. Sniff email messages.
10. Attempt replay attacks.
11. Attempt ARP poisoning.
12. Attempt MAC flooding.
13. Conduct a man-in-the-middle attack.
14. Attempt DNS poisoning.
15. Try a login to a console machine.
16. Attempt session hijacking on Telnet, HTTP and FTP traffic.
17. Attempt to plant a software keylogger to steal passwords.
18. Plant spyware on the target machine.
19. Plant a Trojan on the target machine.
20. Attempt to bypass the antivirus software installed on the target machine.
21. Escalate user privileges.

B. External Penetration Testing
This type of penetration testing is done remotely, from outside the network. A complete
external viewpoint evaluates the security of the entire site.
1. Inventory the company's external infrastructure.
2. Create a topological map of the network and identify the IP address of the
target machine.
3. Locate the traffic route that goes to the web servers. Locate the TCP and UDP
path to the destination.
4. Identify the physical location of the target servers.
5. Examine the use of IPv6 at the remote location.
6. Look up the domain registry for the IP information.
7. Find IP block information about the target and locate the ISP servicing the
client.

All this is achieved by scanning every port on the network.

• Use SYN scan - The TCP SYN scan uses common methods of port identification that allow the
tester to gather information about open ports without completing the TCP handshake process.
When an open port is identified, the TCP handshake is reset before it can be completed.
This technique is often referred to as "half open" scanning.

• XMAS scan - Hackers use the TCP XMAS scan to identify listening TCP ports. This scan uses a
series of strangely configured TCP packets, which contain a sequence number of 0 and
the Urgent (URG), Push (PSH) and FIN flags.

• NULL scan - This scan sends TCP packets with no flags set at all. It can get through some
firewalls and boundary routers that filter incoming TCP packets with standard flag settings.

• Look for error and custom web pages.
• Guess different sub domains names and analyze different responses.
• Examine the session variables and cookies generated by the server. By looking for
sensitive information in web page source code, one can check the directory structure
and the page naming syntax of the web pages.
• Attempt URL encoding on web pages.
• Try buffer overflow attempts at input fields and Cross Site Scripting (XSS) techniques.
• Various SQL injection techniques are used for remote database exploitation.
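The three scan types described above (SYN/half-open, XMAS and NULL) each leave a recognisable pattern in the TCP header, which is what a defender looks for when deciding whether a scan is under way. The following is an added example written for this module, not code from the module or from any scanning tool: it parses raw 20-byte TCP headers, labels the flag combination, tracks handshakes so that a SYN answered by SYN-ACK and then reset (instead of completed with an ACK) is counted as half-open, and flags sources that send NULL/XMAS packets or probe many ports. The capture is constructed inline with RFC 5737 documentation addresses; the threshold of ten ports and the `scan_suspects` name are assumptions for the example.

```python
import struct
from collections import Counter, defaultdict

# TCP flag bits in the flags byte of the header (RFC 793 layout)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_FMT = "!HHIIBBHHH"   # sport, dport, seq, ack, data-offset byte, flags, window, checksum, urgent ptr


def build_tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a minimal 20-byte TCP header; used here only to construct the sample traffic."""
    return struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, flags, 1024, 0, 0)


def parse_tcp_header(raw):
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack(TCP_FMT, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}


def classify_flags(flags):
    """Name the flag pattern the way the module's scan descriptions do."""
    if flags == 0:
        return "NULL"       # no flags set at all
    if flags == FIN | PSH | URG:
        return "XMAS"       # FIN, PSH and URG "lit up" together
    if flags == SYN:
        return "SYN"        # connection request: normal client or half-open scan
    if flags == SYN | ACK:
        return "SYN-ACK"
    if flags & RST:
        return "RST"        # bare RST or RST/ACK
    return "OTHER"


def analyze(records):
    """records: iterable of (src_ip, dst_ip, raw_tcp_header) as seen on the wire.
    Returns flag-kind counts per source, half-open handshakes per source, and the
    set of (dst_ip, dst_port) pairs each source probed with SYN, NULL or XMAS packets."""
    kinds, half_open, probed = Counter(), Counter(), defaultdict(set)
    pending = {}   # (client, server, client_port, server_port) -> handshake state
    for src, dst, raw in records:
        h = parse_tcp_header(raw)
        kind = classify_flags(h["flags"])
        kinds[(src, kind)] += 1
        if kind in ("SYN", "NULL", "XMAS"):
            probed[src].add((dst, h["dport"]))
        fwd = (src, dst, h["sport"], h["dport"])   # this packet's own direction
        rev = (dst, src, h["dport"], h["sport"])   # the opposite direction
        if kind == "SYN":
            pending[fwd] = "syn"
        elif kind == "SYN-ACK" and pending.get(rev) == "syn":
            pending[rev] = "synack"
        elif kind == "RST" and pending.get(fwd) == "synack":
            half_open[src] += 1                    # reset instead of the final ACK
            del pending[fwd]
        elif h["flags"] & ACK and pending.get(fwd) == "synack":
            del pending[fwd]                       # handshake completed normally
    return kinds, half_open, probed


def scan_suspects(records, port_threshold=10):
    """Map each suspicious source address to the list of reasons it was flagged."""
    kinds, half_open, probed = analyze(records)
    reasons = defaultdict(list)
    for (src, kind), n in kinds.items():
        if kind in ("NULL", "XMAS"):
            reasons[src].append(f"{n} {kind} packet(s)")
    for src, n in half_open.items():
        reasons[src].append(f"{n} half-open (SYN, SYN-ACK, RST) handshake(s)")
    for src, targets in probed.items():
        if len(targets) >= port_threshold:
            reasons[src].append(f"{len(targets)} distinct ports probed")
    return dict(reasons)


def build_sample_capture():
    """Constructed sample traffic (RFC 5737 documentation addresses), not a real capture."""
    scanner, client, server = "198.51.100.7", "192.0.2.55", "192.0.2.10"
    open_ports, pkts = {22, 25, 31}, []
    for i, port in enumerate(range(21, 33)):           # 12 ports probed with SYN only
        sp = 40000 + i
        pkts.append((scanner, server, build_tcp_header(sp, port, SYN)))
        if port in open_ports:
            pkts.append((server, scanner, build_tcp_header(port, sp, SYN | ACK)))
            pkts.append((scanner, server, build_tcp_header(sp, port, RST)))
        else:
            pkts.append((server, scanner, build_tcp_header(port, sp, RST | ACK)))
    pkts.append((scanner, server, build_tcp_header(40100, 22, 0)))                 # NULL probe
    pkts.append((scanner, server, build_tcp_header(40101, 22, FIN | PSH | URG)))   # XMAS probe
    pkts.append((client, server, build_tcp_header(51000, 443, SYN)))               # normal client
    pkts.append((server, client, build_tcp_header(443, 51000, SYN | ACK)))
    pkts.append((client, server, build_tcp_header(51000, 443, ACK)))
    return pkts


SAMPLE_CAPTURE = build_sample_capture()

if __name__ == "__main__":
    for src, why in scan_suspects(SAMPLE_CAPTURE).items():
        print(src, "->", "; ".join(why))
```

Only the scanning address is reported; the ordinary client that completes its three-way handshake on port 443 and the server answering with SYN-ACK or RST/ACK are not. On real traffic the same logic runs over headers pulled from a packet capture, and the port threshold is tuned to the network's normal behaviour so that a busy but legitimate client is not flagged.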
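The last bullet, together with the consultant's remark earlier in the module that false positives often point at input and output sanitising that is "not fully effective", is easiest to understand with the weak code next to the corrected code. This is an added example written for this module, not code from the module or from any real application: an in-memory SQLite table with a lookup that concatenates the user-supplied name into the SQL text (the defect a SQL injection test probes for), the same lookup with a bound parameter, and an output-encoding helper for the XSS case. The table, the `find_user_*` names and the probe string are assumptions for the example.

```python
import html
import sqlite3


def make_db():
    """Constructed sample table; an in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_unsafe(conn, username):
    """Weak form: the untrusted value becomes part of the SQL grammar, so a quote
    character in the input changes the meaning of the WHERE clause."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Corrected form: the value is bound as a parameter and is only ever data."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


def render_comment(text):
    """Output sanitising for the XSS case: encode before the value reaches HTML."""
    return f"<p>{html.escape(text)}</p>"


def compare():
    """Run the same tautology-style probe through both lookups and report what each returns."""
    conn = make_db()
    probe = "' OR '1'='1"          # the classic test string a pen tester sends to an input field
    return {
        "unsafe": find_user_unsafe(conn, probe),   # every row comes back: injection succeeded
        "safe": find_user_safe(conn, probe),       # no user has that literal name: nothing
        "normal": find_user_safe(conn, "bob"),     # ordinary lookups still work
    }


if __name__ == "__main__":
    for label, rows in compare().items():
        print(f"{label:7s} -> {rows}")
    print(render_comment("<script>alert(1)</script>"))
```

The `unsafe` result is what a vulnerability scanner or tester sees as a finding; the `safe` lookup returning nothing for the same input is the control working. Parameter binding is the fix, not stripping quotes from the input, because an encoded or differently quoted payload gets past an ad hoc filter but never past a bound parameter.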

Limitations of Pen Testing:

1. Cannot discover server-side vulnerabilities.
2. Cannot give information regarding new vulnerabilities.
3. May not discover obvious vulnerabilities.
4. Uncovers only those vulnerabilities that pose threats.

References:

• How important is Penetration Testing? – Help Net Security
https://www.helpnetsecurity.com/2013/09/09/how-important-is-penetration-testing/

• Vulnerability Assessment and Penetration Testing – Ankita Gupta, Kavita, Kirandeep Kaur
https://www.scribd.com/document/158865070/Vulnerability-Assessment-and-Penetration-Testing

