network security testing techniques l.
Skip this Video
Loading SlideShow in 5 Seconds..
Network Security Testing Techniques PowerPoint Presentation
Download Presentation
Network Security Testing Techniques

Loading in 2 Seconds...

play fullscreen
1 / 18

Network Security Testing Techniques - PowerPoint PPT Presentation

  • Uploaded on

Network Security Testing Techniques Presented By:- Sachin Vador System Development Life Cycle System Development Life Cycle 1. Initiation – the system is described in terms of its purpose, mission, and configuration.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Network Security Testing Techniques' - Lucy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
network security testing techniques

Network Security Testing Techniques

Presented By:-

Sachin Vador

system development life cycle3
System Development Life Cycle
  • 1. Initiation – the system is described in terms of its purpose, mission, and configuration.
  • 2. Development and Acquisition – the system is possibly contracted and constructed according to documented procedures and requirements.
  • 3. Implementation and Installation – the system is installed and integrated with other applications, usually on a network.
  • 4. Operational and Maintenance – the system is operated and maintained according to its mission requirements.
  • 5. Disposal – the system’s lifecycle is complete and it is deactivated and removed from the network and active use.
when is the network security testing done
When is the Network Security Testing done?
  • It is done after system has been developed, installed and integrated during Implementation and Operational stages.
tools and techniques for network security
Tools and Techniques for Network Security
  • Network Scanning
  • Vulnerability Scanning
  • Password Cracking
  • Log Reviews
  • War Dialing
  • Wireless LAN Testing (War Driving)
  • Penetration Testing
network scanning
Network Scanning
  • Scan for connected hosts
  • Scan for services running on the host
  • Scan for which applications are running those services
  • How Scanning takes place?

Ping the hosts using ICMP ECHO and Reply. Look for open TCP/UDP ports.

  • Operating system fingerprinting.

Not reliable as firewalls can be configured to camouflage the operating system.

network scanning7
Network Scanning
  • Vulnerabilities of IIS different from Apache.
  • Listen on the remote port.
  • Banner Grabbing.
  • Need human to interpret the results.
  • Preparation for Penetration Testing.
network scanning results
Network Scanning Results
  • Investigate and disconnect unauthorized hosts
  • Disable or remove unnecessary and vulnerable services
  • Modify vulnerable hosts to restrict access to vulnerable services to a limited number of required hosts (e.g., host level firewall or TCP wrappers), and
  • Modify enterprise firewalls to restrict outside access to known vulnerable services.
vulnerability scanning
Vulnerability Scanning
  • Takes Network Scanning 1 step ahead.
  • Maintains database of vulnerabilities in operating systems.
  • They generate more traffic that port scanners.
  • Network based Scanners.
  • Host based Scanners.
log reviews
Log Reviews
  • Dynamic picture of system activities.
  • Conformance with the security policies.
  • IDS sensors placed behind firewall.
  • Change Firewall Policies.
war dialing
War Dialing
  • Unauthorized modems.
  • Dialing software can dial hundreds of numbers in short time
  • Block the inbound calls to the identified number if it is not possible to remove them
war driving
War Driving
  • Wireless Default Configuration is insecure.
  • Drive Test
  • Just need wireless network card and testing tools
  • Frequency of testing
penetration testing
Penetration Testing
  • It is a method of getting into the system by using the techniques used by the attacker.
  • Specific IP addresses/ranges to be tested
  • Any restricted hosts (i.e., hosts, systems, subnets, not to be tested)
  • A list of acceptable testing techniques (e.g. social engineering, DoS, etc.) and tools (password crackers, network sniffers, etc.)
  • Times when testing is to be conducted (e.g., during business hours, after business hours, etc.)
  • Identification of a finite period for testing
  • IP addresses of the machines from which penetration testing will be conducted so that administrators can differentiate the legitimate penetration testing attacks from actual malicious attacks
  • Points of contact for the penetration testing team, the targeted systems, and the networks
  • Measures to prevent law enforcement being called with false alarms (created by the testing)
  • Handling of information collected by penetration testing team.
penetration testing14
Penetration Testing
  • Blue Teaming
  • Red Teaming
phases of penetration testing16
Phases of Penetration Testing
  • Planning Phase

Goals are set. Permission is taken. No testing.

  • Discovery Phase

Testing starts. Port scanning is used to identify the vulnerabilities.

  • Executing the attack

Exploit the vulnerabilities.

  • Acceptable use guidelines (e.g., what is acceptable use of organization computing and network resources)
  • Roles and responsibilities (for users, administrators, management)
  • Authentication (e.g., passwords, biometrics)
  • Availability of resources (redundancy, recovery, backups)
  • Compliance (infractions, consequences and penalties).