Network Penetration Testing

The sole purpose of Vulnerability Assessment is to identify, quantify and rank vulnerabilities in your systems and evaluate your enterprise security effort at a technical and program level. Vulnerability assessment falls under cyber security testing, which is also known as VAPT service and it is the technique of identifying (discovery) and measuring security vulnerabilities (scanning) in a given environment. It is a comprehensive assessment of the information security position (result analysis). Further, it identifies the potential weaknesses and provides the proper mitigation measures (remediation) to either remove those weaknesses or reduce below the risk level.

Cyber attacks are increasing every day with the increased use of mobile and Web applications. Globally, statistics show that more than 70 per cent of the applications either have vulnerabilities which could potentially be exploited by a hacker, or worse, they have already been exploited. The data losses due to this are typically of two types. Either the data is confidential to the organisation or it is private to an individual. Regardless of the category, data losses result in the loss of money or reputation. This article explores a technical process that can be adopted by industries and organisations to protect their intellectual property, and if implemented correctly, will result in better risk management. For those who are new to Vulnerability Assessment and Penetration Testing (VAPT), this is a technical assessment process to find security bugs in a software program or a computer network. The network may be a LAN or WAN, while the software program can be a .exe running on a server or desktop, a Web/cloud application or a mobile application.

There are primarily two main reasons for systems being vulnerable—misconfiguration and incorrect programming practices. In the case of networks, devices such as routers, switches and servers, as well as firewalls and IPS systems are either misconfigured or, in some cases, not configured at all, thus running default settings. As an example, almost all firewalls have a default built-in user account with the name,‘admin’. Typically, the password for it is also set to ‘admin,’ by default, or something even easier to guess. Looking at the example of servers, installing a database server leaves us with an ‘sa’ account, which has a blank password.

As for programming errors, a user input taken from a Web application form may be directly sent to a backend database server without parsing it. This can lead to a parameter manipulation attack or SQL injection attack. Another example of programming errors would be a Web service accepting requests without performing adequate authentication, thus leaking data inadvertently. This shows us that it is human error that leads to vulnerable systems, which could be exploited easily by attackers, to compromise data confidentiality, integrity and availability. As part of our enterprise security assessment process, we examine and assess various controls, technologies and procedures to identify points of failure. Our trained experts can evaluate select systems or entire environments. This service includes a validation of your policies, procedures, infrastructure implementations and security controls from an offensive perspective.

The benefits are as below
~~ Understanding of security issues in critical systems
~~ Recommendations for remediation
~~ Expertise to help identify your most critical weaknesses
~~ Helps identify programming errors that can lead to cyber attacks
~~ Provides a methodical approach to risk management
~~ Secures IT networks from internal and external attacks
~~ Secures applications from business logic flaws
~~ Increased ROI on IT security
~~ Protects the organisation from loss of reputation and money

The sole purpose of Penetration testing (Pentesting) is to understand, quantify and document the real-world risks of an attack in today’s changing threat landscape.
During a penetration test, our experts will attempt to breach the information security controls of your organization. Using an arsenal of techniques and tools, our penetration testers will try to exploit your critical network, applications and systems and access and exfiltrate sensitive data or other specified targets. We conduct penetration testing on a variety of systems and from various perspectives to help you understand your true exposure. If a system is compromised, post-exploitation techniques identify additional risks, allowing lateral and vertical movement through the network.
~~ Identify weaknesses in your systems
~~ Understand the multiple points of failure that can lead to a breach or disclosure
~~ Identify lateral and vertical exploitation vulnerabilities that lead to privilege escalation and sensitive data loss
~~Document and remediate vulnerabilities
~~ Verify security controls
A penetration test will help companies determine the weaknesses in their network, computer systems and applications. A standard penetration test might contain a vulnerability assessment through conventional system and software testing or network security scanning alone. Unlike other penetration testing companies who focus on assembly line assessments, we take a different approach. We deliver a quality product tailored to your needs. We work with our customers to build an accurate profile of what your primary business function is, where threats come from, and what the goal of your security assessment is. This is done to ensure that the work conducted meets your exact needs and not just easily productized. We focus on long term relationships with our clients to ensure they get the best penetration test possible, offering them high-end, professional security audit services tailored to their needs.

A penetration test (PT) is a proof-of-concept approach to actually explore and exploit vulnerabilities. This process confirms whether the vulnerability really exists and further proves that exploiting it can result in damage to the application or network. The PT process is mostly intrusive and can actually cause damage to the systems; hence, a lot of precautions need to be taken before planning such a test. The outcome of a PT is, typically, evidence in the form of a screenshot or log, which substantiates the finding and can be a useful aid towards remediation. As a summary, shown below are the steps involved in the VAPT process.

Differences between VA and PT

VA and PT differ from each other in two aspects. The VA process gives a horizontal map into the security position of the network and the application, while the PT process does a vertical deep dive into the findings. In other words, the VA process shows how big a vulnerability is, while the PT shows how bad it is. There is one more subtle difference. Due to the nature of work involved in each process, a VA can be carried out using automated tools, while a PT, in almost all cases, is a manual process. This is because PT essentially simulates what real hackers would do to your network or application. Figures 1 and 2 shows the VAPT process for network and Web applications, respectively.Our penetration testing engagements are very detailed in nature and involves lots of technical efforts.

What Is Vulnerability And Penetration Testing From Our Service Offering?
Our service offering is built to understand the need to be agile, introduce new systems, technologies and ways of working to be competitive and improve efficiency. Our security vulnerability assessment services maximizes risk reduction whilst minimizing any disruption to the delivery of business. We evaluate systems by subjecting them to external Internet attacks or by considering insider threats. By using our testing services at regular intervals, our clients will stay one step ahead of potential attackers, enabling their IT systems to grow with their business, without lowering the defenses of the enterprise. Our approach to Vulnerability and Penetration testing provides a thorough, quality service whilst allowing the flexibility necessary to test a wide range of IT systems. Organizations depend on business and IT systems to operate effectively and competitively in this digital age. These systems are frequently updated and even a small change can introduce new vulnerabilities. Significant effort is invested to ensure that the systems run efficiently, and that the necessary security controls are incorporated, yet organizations don’t always test that the security controls are implemented correctly or are sufficient. Left to chance, vulnerabilities will only be discovered once security has been breached, leaving the organization open to potential regulatory fine, financial loss, reputational damage or theft of business critical information or intellectual property.

Vulnerability and Penetration Testing: how does it work?
Since any network can be breached with time and skill, there will always be risk. It’s all about Risk Management and clients are keen to understand the risk to their organization. Our service helps to reduce risks:
* Identifies technical and architectural vulnerabilities that can be exploited by attackers;
* Assesses ability to withstand common attacks;
* Ensures coverage of systems and issues that automated tools are unable to identify;
* Prioritizes vulnerabilities by criticality to assist in remediation planning;
* Provides remediation suggestions drawn from extensive practical experience and industry best practices;
* Evaluates the client detection and response capabilities and performance when security events occur;
* Intrusive and non-intrusive options.
Benefit from Vulnerability and Penetration Testing
Our primary objectives are to demonstrate, to the highest level of assurance possible, that a system is either susceptible or not susceptible to particular security weaknesses, to provide clear recommendations for vulnerability mitigation that is both straightforward to implement and tailored to the required functionality of the system under test and last but not least to help our clients ensure that their IT systems are not the weakest link in their security infrastructure.

NIST recommends the following:
Make network security testing a routine and integral part of the system and network operations and administration. Organizations should conduct routine tests of systems and verify that systems have been configured correctly with the appropriate security mechanisms and policy. Routine testing prevents many types of incidents from occurring in the first place. The additional costs for performing this testing will be offset by the reduced costs in incident response.
Test the most important systems first. In general, systems that should be tested first include those systems that are publicly accessible, that is, routers, firewalls, web servers, e-mail servers, and certain other systems that are open to the public, are not protected behind firewalls, or are mission critical systems. Organizations can then use various metrics to determine the importance or criticality of other systems in the organization and proceed to test those systems as well.
Use caution when testing. Certain types of testing, including network scanning, vulnerability testing, and penetration testing, can mimic the signs of attack. It is imperative that testing be done in a coordinated manner, with the knowledge and consent of appropriate officials.
Ensure that security policy accurately reflects the organization’s needs. The policy must be used as a baseline for comparison with testing results. Without appropriate policy, the usefulness of testing is drastically limited. For example, discovering that a firewall permits the flow of certain types of traffic may be irrelevant if there is no policy that states what type of traffic or what type of network activity is permitted. When there is a policy, testing results can be used to improve the policy.
Integrate security testing into the risk management process. Testing can uncover unknown vulnerabilities and misconfigurations. As a result, testing frequencies may need to be adjusted to meet the prevailing circumstances, for example, as new controls are added to vulnerable systems or other configuration changes are made because of a new threat environment. Security testing reveals crucial information about an organizations security posture and their ability to surmount attack externally or to avoid significant financial or reputational cost from internal malfeasance. In some cases, the results of the testing may indicate that policy and the security architecture should be updated. Hence, this insight into the security posture of an organization is highly relevant to a well-functioning risk management program.
Ensure that system and network administrators are trained and capable. Security testing must be performed by capable and trained staff. Often, individuals recruited for this task are already involved in system administration. While system administration is an increasingly complex task, the numbers of trained system administrators generally has not kept pace with the increase in computing systems. Competent system administration may be the most important security measure an organization can employ, and organizations should ensure they possess a sufficient number with the required skill level to perform system administration and security testing correctly. Ensure that systems are kept up-to-date with patches. As a result of security testing, it may become necessary to patch many systems. Applying patches in a timely manner can sharply reduce the vulnerability exposure of an organization. Organizations should centralize their patching efforts so as to ensure that more systems are patched as quickly as possible and immediately tested.
Look at the big picture. The results of routine testing may indicate that an organization should readdress its systems security architecture. Some organizations may need to step back and undergo a formal process of identifying the security requirements for many of its systems, and then begin a process of reworking its security architecture accordingly. This process will result in increased security inefficiency of operations with fewer costs incurred from incident response operations.
Understand the capabilities and limitations of vulnerability testing. Vulnerability testing may result in many false positive scores, or it may not detect certain types of problems that are beyond the detection capabilities of the tools. Penetration testing is an effective complement to vulnerability testing, aimed at uncovering hidden vulnerabilities. However, it is resource intensive, requires much expertise, and can be expensive. Organizations should still assume they are vulnerable to attack regardless of how well their testing scores indicate.