The vulnerability assessment methodology combines a black-box approach (no knowledge of the target system) with a white-box approach (partial knowledge of the system), and it has been developed around the following industry standard: NIST Special Publication 800-115, for network infrastructure penetration testing.
Testing and analysis on multiple systems should be conducted to determine the level of access an adversary could gain. This process is represented in the feedback loop in the figure below between the attack and discovery phases of a penetration test.
If an attack is successful, the vulnerability is verified and safeguards are identified to mitigate the associated security exposure. In many cases, exploits that are executed do not grant the maximum level of potential access to an attacker. They may instead result in the testers learning more about the targeted network and its potential vulnerabilities, or induce a change in the state of the targeted network's security. Some exploits enable testers to escalate their privileges on the system or network to gain access to additional resources. If this occurs, additional analysis and testing are required to determine the true level of risk for the network, such as identifying the types of information that can be gleaned, changed, or removed from the system. In the event an attack on a specific vulnerability proves impossible, the tester should attempt to exploit another discovered vulnerability. If testers are able to exploit a vulnerability, they can install more tools on the target system or network to facilitate the testing process. These tools are used to gain access to additional systems or resources on the network, and to obtain access to information about the network or organization.
Phase 1 – System Walkthrough.
- Understanding the business or operational objectives of the application including transactions, workflow and processes.
- Reviewing the type of system, the network design and the IP addresses/ports that are exposed externally.
Phase 2 – Network Discovery.
- Querying database registrars and performing foot-printing and information-gathering techniques to locate DNS servers
- Tracing IP and ICMP packets to the routers, servers and firewalls to determine the network topology
- Identifying critical systems, locating responsive hosts, and obtaining information such as system time zones and subnet size
Phase 3 – Vulnerability Identification.
- Using port-scanning software to identify any open ports or services (i.e., all 65,535 TCP and all 65,535 UDP ports) on reachable devices or servers
- Connecting to open ports using TCP or UDP network utilities to determine the operating system, firewall and network service versions being used
- Using open source, commercial and proprietary vulnerability testing tools and techniques to identify specific vulnerabilities or exposure points
Phase 4 – Vulnerability Exploitation.
- Analysing the identified vulnerabilities to determine the likelihood of exploitation and the type of payload and attack methodology
- Executing attack profiles, test scripts and exploit programs as a proof of concept to demonstrate the security posture of the target environment
Phase 5 – Reporting.
- Upon completion of the four phases we will conduct a thorough analysis of the results. In addition, we will facilitate a discussion with the client to review our preliminary results and ensure we have completed a thorough analysis. This discussion will enable us to place our results into a business perspective.
- Following the discussion, we will recommend specific approaches to fix the vulnerabilities found, which typically fall into the following categories:
- Insecure or vulnerable services
- Unnecessary or open ports
- Out-of-date or obsolete components
- Unencrypted communication channels
- Unauthenticated access
- Unauthorised administrative portals
- Unauthorised database ports
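The reporting categories listed above are easier to apply consistently when the Phase 3 service inventory is triaged by rule rather than by hand. The following is an added example, not code from the original page or from the assessment provider: it classifies each exposed service into the report categories above. The service records, the approved-port allowlist, the database and administrative port lists, and the minimum-version thresholds are all constructed assumptions that a reviewer would replace with the client's own baseline.

```python
"""Triage an exposed-service inventory into the report categories above.

Added example (not the original page's code). Every list and record below is
a constructed assumption standing in for the client's baseline and scanner output.
"""
from dataclasses import dataclass


@dataclass
class Service:
    host: str
    port: int
    proto: str                  # "tcp" or "udp"
    name: str                   # protocol/service name reported by the scanner
    product: str = ""           # product name parsed from the banner, if any
    version: str = ""           # version string parsed from the banner, if any
    encrypted: bool = False     # TLS- or SSH-protected channel?
    auth_required: bool = True  # did the probe meet a login prompt / 401?
    scanner_flagged: bool = False  # did the vulnerability scanner report a finding?


# Assumed baselines (constructed, not from the page).
APPROVED_PORTS = {("tcp", 443)}                       # what the client intends to expose
DATABASE_PORTS = {3306, 5432, 1433, 1521, 27017, 6379}
ADMIN_SERVICES = {"rdp", "vnc", "winrm", "ipmi"}
PLAINTEXT_PROTOCOLS = {"telnet", "ftp", "http", "smtp", "pop3", "imap"}
MIN_VERSIONS = {"openssh": (8, 0), "nginx": (1, 20)}  # constructed thresholds


def parse_version(text):
    """Turn '7.4p1' or '1.24.0' into a comparable tuple of leading integers."""
    parts = []
    for chunk in text.split("."):
        digits = ""
        for ch in chunk:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def classify(svc):
    """Return the report categories (from the list above) that apply to one service."""
    findings = []
    if (svc.proto, svc.port) not in APPROVED_PORTS:
        findings.append("Unnecessary or open ports")
    if svc.scanner_flagged:
        findings.append("Insecure or vulnerable services")
    if svc.name in PLAINTEXT_PROTOCOLS and not svc.encrypted:
        findings.append("Unencrypted communication channels")
    if not svc.auth_required:
        findings.append("Unauthenticated access")
    if svc.name in ADMIN_SERVICES:
        findings.append("Unauthorised administrative portals")
    if svc.port in DATABASE_PORTS:
        findings.append("Unauthorised database ports")
    minimum = MIN_VERSIONS.get(svc.product)
    if minimum and svc.version and parse_version(svc.version) < minimum:
        findings.append("Out-of-date or obsolete components")
    return findings


def triage(inventory):
    """Group affected endpoints by report category for the Phase 5 write-up."""
    report = {}
    for svc in inventory:
        for category in classify(svc):
            endpoint = f"{svc.host}:{svc.port}/{svc.proto} ({svc.name})"
            report.setdefault(category, []).append(endpoint)
    return report


# Constructed sample inventory standing in for Phase 3 scanner output.
SAMPLE_INVENTORY = [
    Service("203.0.113.10", 443, "tcp", "https", "nginx", "1.24.0", encrypted=True),
    Service("203.0.113.10", 22, "tcp", "ssh", "openssh", "7.4p1", encrypted=True),
    Service("203.0.113.11", 23, "tcp", "telnet", auth_required=False),
    Service("203.0.113.12", 3306, "tcp", "mysql", scanner_flagged=True),
    Service("203.0.113.12", 3389, "tcp", "rdp", encrypted=True),
]

if __name__ == "__main__":
    for category, endpoints in sorted(triage(SAMPLE_INVENTORY).items()):
        print(category)
        for endpoint in endpoints:
            print("   ", endpoint)
```

One service can land in several categories at once (the telnet listener above is an unnecessary port, a plaintext channel and unauthenticated), which is what the client discussion in Phase 5 needs to see: the same endpoint may require more than one remediation.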