NETWORK PENETRATION TESTING
We are proven experts in network infrastructure penetration testing based on the PCI DSS requirements or addressing specific risk concerns of our clients. We cover a full port, protocol and service enumeration followed by a vulnerability assessment of the supporting servers. Our security team performs both internal (as a system user) and external (as an outsider) penetration testing to provide an exhaustive range of attack scenarios.
The initial preparation includes the setting of the test scope, testing hours and testing techniques to use. The scope is simply the number of critical systems that the management has decided to test and prepare for any malicious attack scenario. The testing times are usually during off-peak hours from 8PM - 6AM so that there is no noticeable processing disruptions. In many cases the penetration tests are run on a test environment before the systems "go-live" for public use. The techniques used during the testing are also an important factor as many clients and standards require different tests to be run.
After agreeing on these terms the penetration test can begin. A general penetration test comprises of an external penetration test, as an outsider to the business (blackbox testing), and an internal network security review as an insider, employee or system user (whitebox testing). An external network penetration test comprises of the following steps:
This is a process of gathering information on the target from publicly available resources.
Once familiar with the target IPs we can begin the network mapping by initiating various port and service scans for each of the targets.
This is an automated process where a scanner is used to target the host(s) with a vast database of exploits for the discovered systems and services from the previous stage.
From the results of the previous phase the tester needs to verify if the vulnerabilities are really true. This is done by taking the actual scripts and running them against the target hosts.
A management summary stating all critical issues as well as a detailed technical report of all the vulnerabilities with a risk and impact rating and recommendations for their resolution.
The internal network security review is a similar process however the tester runs the tests from inside the network and with user level access to the systems and the applications in scope. Additionally to the activities described above the internal testing also includes:
- Network Traffic / Encryption Review - this process is done by capturing the network traffic with a tool like Wireshark and running various filters on the traffic dump file to obtain user IDs, passwords, encrypted passwords, web traffic, browsing history and other information depending on the requirements of the project.
- Security Configuration Review - the configuration review is a process where the tester verifies that all configuration settings in the domain server / web server / firewall / application server / etc.. are configured in line with the best practice requirements.
An "average" test takes about 2 weeks for the external testing and another 2 weeks for the internal security review procedures. This is a general estimate based on limited daily testing hours and an enterprise IT environment with numerous network and application system components to be tested. The deliverable consists of a detailed report stating all the network layer vulnerabilities with their corresponding impact and recommendations for their resolution.
NetSafety is a global information security consulting firm with a head office base in Sofia, Bulgaria and partner offices in Johannesburg, South Africa. Many successful projects across Europe, UK, Africa and Australia provide a proven professional track record and guarantee the high quality of our services.
Simply call us to schedule a meeting and discuss your business needs.
(+359) 88 9387598
(+359) 87 9387500
NetSafety (South Africa)
(+27) 72 2870170
(+27) 11 0783672
Johannesburg, South Africa