April 29, 2020

Cost-effective Penetration Test (VA/PT)

Criminal hackers try to gain access to corporate data for various reasons. Organizations protect against this with a number of security products such as antivirus, firewalls, intrusion prevention, network access control, etc. But how safe are these products against hackers and malware? Our penetration test answers exactly this question. During a penetration test we simulate a hacker attack on the client’s network. Using a combination of popular tools, proprietary scripts, and manual testing, we do our best to penetrate the network in a non-harmful way. After the attack, we point out all the flaws in the client’s defenses and help the client improve infrastructure, configuration and processes as needed to permanently improve security.

A penetration test mimics the actions of an actual attacker exploiting weaknesses in network security, without the usual dangers. This audit examines internal and external IT systems for any weakness that could be used to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organization to address each weakness. For internal vulnerability assessments, risk analysis takes place within the company, behind the classic firewall structures. All IT components, including distributed network structures, VPN and MPLS, are subjected to a detailed analysis. During external security audits, our auditors identify existing vulnerabilities in public IPs, firewalls and the DMZ which could be exploited by hackers. External risk analysis usually begins with a detailed reconnaissance phase.

The following components are analyzed during an internal security audit:

> Network structure (wired, wireless, VPN, MPLS)
Network Access Control
> Man-in-the-middle attacks
> Password Strength
> Authentication
> Checking for default or weak passwords of IT structures
> Brute-force attacks
> Checking local administration accounts and local user accounts for user rights
Services
> Configuration errors
> Vulnerability analysis of operating systems and patch levels used
> Vulnerability analysis of the application server and identified applications
> Analysis of virtual structures, access and authorization system for virtual environments
Access protection on critical IT areas
> War-dialing
> War-driving
> Verification of the protection components (firewall, packet filtering, IPS, …)
> Penetration tests on the identified weaknesses

Our penetration test exercise tests the ability of the target’s security controls to block or prevent attacks. VA/PT can be conducted using the following methods to simulate different attack scenarios.

Black Box – No information regarding the target other than the host URL/IP. Mostly done for periodic regulatory or standards audit requirements, for systems which have not changed since the last audit, or for industry-standard systems such as firewalls, operating systems and well-known applications.

White Box – Full information regarding the target application, including user credentials for various roles. Recommended for thorough security testing and for assessing the security robustness of the deployed system. Recommended for newly developed systems, systems after an update or upgrade, web applications, e-commerce, systems handling critical information, etc.

Grey Box – Something in between black box and white box: the tester has limited information regarding the target, such as IP, hostname, service details and channels.

We use multiple tools for scanning, including commercial as well as open source tools. VA scans are done using automated scanning software; assessments can scan for OWASP Top vulnerabilities as well as other known vulnerabilities. A partial list of the scans conducted is given below.

• Audit Cloud Infrastructure – Audit the configuration of third-party cloud services.
• Badlock Detection – Remote and local checks for CVE-2016-2118 and CVE-2016-0128.
• Bash Shellshock Detection – Remote and local checks for CVE-2014-6271 and CVE-2014-7169.
• Host/Network Scan – A full system scan suitable for any host/network.
• Credentialed Patch Audit – Authenticate to hosts and enumerate missing updates.
• Malware Scan – Scan for malware on Windows and Unix systems.
• PCI External Scan – Approved for quarterly external scanning as required by PCI. (NOT ASV)
• SCAP and OVAL Auditing – Audit systems using SCAP and OVAL definitions.
• Shadow Brokers Scan – Scan for vulnerabilities disclosed in the Shadow Brokers leaks.
• Spectre and Meltdown – Remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
• Web Application Tests – Scan for published and unknown web vulnerabilities.
