Network Security Testing Techniques
Presented by: Sachin Vador
System Development Life Cycle
• 1. Initiation – the system is described in terms of its purpose, mission, and configuration.
• 2. Development and Acquisition – the system is contracted (if applicable) and constructed according to documented procedures and requirements.
• 3. Implementation and Installation – the system is installed and integrated with other applications, usually on a network.
• 4. Operation and Maintenance – the system is operated and maintained according to its mission requirements.
• 5. Disposal – the system’s lifecycle is complete; it is deactivated and removed from the network and from active use.
When is Network Security Testing done?
• After the system has been developed, installed and integrated, i.e. during the Implementation and Operation stages.
Tools and Techniques for Network Security Testing
• Network Scanning
• Vulnerability Scanning
• Password Cracking
• Log Reviews
• War Dialing
• Wireless LAN Testing (War Driving)
• Penetration Testing
Network Scanning
• Scan for connected hosts.
• Scan for services running on each host.
• Scan for which applications are providing those services.
• How does scanning take place? Ping the hosts using ICMP Echo Request and Reply; look for open TCP/UDP ports.
• Operating system fingerprinting: not reliable, since firewalls can be configured to camouflage the operating system.
Network Scanning (continued)
• The vulnerabilities of IIS are different from those of Apache, so the application behind a port matters.
• Connect to the remote port and grab the banner (banner grabbing).
• A human is needed to interpret the results.
• Serves as preparation for penetration testing.
Network Scanning Results
• Investigate and disconnect unauthorized hosts.
• Disable or remove unnecessary and vulnerable services.
• Modify vulnerable hosts to restrict access to vulnerable services to a limited number of required hosts (e.g., host-level firewall or TCP wrappers).
• Modify enterprise firewalls to restrict outside access to known vulnerable services.
Vulnerability Scanning
• Takes network scanning one step further.
• Maintains a database of known vulnerabilities in operating systems and services.
• Generates more traffic than port scanners.
• Network-based scanners.
• Host-based scanners.
Log Reviews
• Give a dynamic picture of system activity.
• Check conformance with the security policies.
• IDS sensors are placed behind the firewall.
• Findings feed back into changes to firewall policies.
War Dialing
• Finds unauthorized modems.
• Dialing software can dial hundreds of numbers in a short time.
• Block inbound calls to the identified numbers if it is not possible to remove the modems.
War Driving
• Default wireless configurations are insecure.
• Drive test.
• Only a wireless network card and testing tools are needed.
• Frequency of testing.
Penetration Testing
• A method of getting into the system by using the same techniques an attacker would use.
• Specific IP addresses/ranges to be tested.
• Any restricted hosts (i.e., hosts, systems, subnets not to be tested).
• A list of acceptable testing techniques (e.g., social engineering, DoS, etc.) and tools (password crackers, network sniffers, etc.).
• Times when testing is to be conducted (e.g., during business hours, after business hours, etc.).
• Identification of a finite period for testing.
• IP addresses of the machines from which penetration testing will be conducted, so that administrators can differentiate the legitimate penetration-testing attacks from actual malicious attacks.
• Points of contact for the penetration testing team, the targeted systems, and the networks.
• Measures to prevent law enforcement being called with false alarms (created by the testing).
• Handling of information collected by the penetration testing team.
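The scope items on this slide can be turned into a pre-flight check that the test team runs before every action, so that nothing touches a restricted host, an unapproved technique, or a time outside the agreed window. This is an added example, not part of the original slides; the CIDR ranges, dates, technique names and tester address are constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class RulesOfEngagement:
    in_scope: tuple           # CIDR ranges that may be tested
    restricted: tuple         # CIDR ranges that must never be touched
    allowed_techniques: frozenset
    period_start: datetime    # finite engagement period
    period_end: datetime
    window_start: time        # daily testing window; may wrap past midnight
    window_end: time
    tester_sources: tuple     # addresses the team has registered with the admins

    def violations(self, target: str, technique: str, source: str, when: datetime) -> list:
        """Return every rule the planned action would break; an empty list means go."""
        tgt, src = ip_address(target), ip_address(source)
        found = []
        if not any(tgt in ip_network(n) for n in self.in_scope):
            found.append("target outside agreed scope")
        if any(tgt in ip_network(n) for n in self.restricted):
            found.append("target is a restricted host")
        if technique not in self.allowed_techniques:
            found.append("technique not on the approved list")
        if src not in map(ip_address, self.tester_sources):
            found.append("source is not a registered tester address")
        t = when.time()
        if self.window_start <= self.window_end:
            in_window = self.window_start <= t <= self.window_end
        else:  # a window such as 18:00-06:00 crosses midnight
            in_window = t >= self.window_start or t <= self.window_end
        if not (self.period_start <= when <= self.period_end):
            found.append("outside the finite engagement period")
        elif not in_window:
            found.append("outside the daily testing window")
        return found

# Constructed engagement: after-hours testing of one lab subnet from one tester host.
ROE = RulesOfEngagement(
    in_scope=("192.0.2.0/24",),
    restricted=("192.0.2.10/32",),  # e.g. a production database the client excluded
    allowed_techniques=frozenset({"port-scan", "banner-grab", "password-audit"}),
    period_start=datetime(2024, 3, 4),
    period_end=datetime(2024, 3, 8, 23, 59),
    window_start=time(18, 0),
    window_end=time(6, 0),
    tester_sources=("198.51.100.7",),
)
```

Calling `ROE.violations(target, technique, source, when)` before each step gives the team and the system owners the same record of what was and was not authorised, which is also what lets administrators separate test traffic from a real attack.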
Penetration Testing (continued)
• Blue Teaming
• Red Teaming
Phases of Penetration Testing
• Planning Phase: goals are set and permission is obtained; no testing takes place.
• Discovery Phase: testing starts; port scanning is used to identify vulnerabilities.
• Executing the Attack: the identified vulnerabilities are exploited.
Conclusion
• Acceptable use guidelines (e.g., what is acceptable use of organization computing and network resources).
• Roles and responsibilities (for users, administrators, management).
• Authentication (e.g., passwords, biometrics).
• Availability of resources (redundancy, recovery, backups).
• Compliance (infractions, consequences and penalties).