Sicurezza delle reti informatiche con il Pentest e il Vulnerability assessment Giacomo Lanzi

Computer network security: PT vs. VA

The security of computer networks is of vital importance for a company. With technologies increasingly relying on remote services, it is good to ensure that security is guaranteed. To do this, two tools are used: Vulnerability Assessment and Penetration Test. But what is the difference between them? The answer to this question is not as obvious as one might think.

The short answer is: a Pentest (PT) may be a form of vulnerability assessment (VA), but a vulnerability assessment is definitely not a Pentest. Let’s try to better understand how they work and their purposes.

Verification of the security of computer networks: Vulnerability Assessment

A vulnerability assessment is the process of running automated tools against defined IP addresses to identify vulnerabilities in the environment in which one operates. Vulnerabilities typically include unprotected or misconfigured systems. The tools used to perform vulnerability scans are specific software that automates the process. Obviously these software are practically useless without an operator who knows how to use them correctly.

These tools provide an easy way to scan for vulnerabilities and there are both open source and proprietary ones. The main advantage of the open-source ones is that, with great probability, they are the same ones used by hackers, they are unlikely to pay an expensive subscription, when they can download open source applications for free.

In practice, a VA allows you to:

identify and classify security holes in the computer network
understand the cyber threats to which the company is exposed
recommend corrective measures to eliminate the weaknesses found

The purpose of a Vulnerability Assessment is to identify known vulnerabilities so that they can be corrected. Scans are typically done at least quarterly, although many experts recommend monthly scans.

How to perform a VA

Il processo di esecuzione si divide in due fasi e non prevede lo sfruttamento delle debolezze riscontrate. Questo ulteriore passaggio e’ invece previsto nel Penetration Test.

Fase 1: prima analisi
durante questa fase vengono raccolte tutte le informazioni disponibili sull’obiettivo per determinare quali potrebbero essere i punti deboli e le falle nel sistema di sicurezza delle reti informatiche
Fase 2: seconda analisi
in questa fase, tramite l’uso delle informazioni ricavate, vengono messe alla prova i possibili problemi. In questa fase le vulnerabilita’ sono testate per capire se siano effettivi problemi come supposto precedentemente.

Data l’incredibile velocita’ in cui le tecnologie e le tecniche informatiche si evolvono, e’ possibile che un sistema si mostri sicuro questo mese, ma abbia invece delle criticita’ da risolvere il mese successivo. Per questo e’ consigliato ripetere regolarmente e con frequenza i controlli di sicurezza sulle reti informatiche aziendali.

 

The execution process is divided into two phases and does not involve exploiting the weaknesses found. This further step is instead foreseen in the Penetration Test.

Phase 1: first analysis
during this phase, all the information available on the objective is collected to determine what could be the weak points and gaps in the security system of computer networks
Phase 2: second analysis
in this phase, through the use of the information obtained, possible problems are put to the test. In this phase the vulnerabilities are tested to understand if they are actual problems as previously assumed.
Given the incredible speed at which computer technologies and techniques evolve, it is possible that a system will prove secure this month, but instead have some problems to solve the following month. For this reason, it is advisable to repeat the security checks on company computer networks regularly and frequently.

Results

At the end of the process of verifying the vulnerabilities of a system, the final reports contain all the results collected. Typically these enclose all relevant information, including:

the list of vulnerabilities found
an in-depth description of the vulnerabilities
countermeasures to be adopted to reduce risks

Verification of vulnerabilities is a fundamental procedure for the company, but it does not guarantee the security of computer networks. For the correct maintenance of the security of your systems, it is also essential to use another tool: the Penetration Test.

Penetration test

The Pentest, or penetration test, is aimed at verifying how the vulnerabilities of a system can be exploited to gain access and move within it. One of the initial steps performed by a pentester is scanning the network to find IP addresses, device type, operating systems and possible system vulnerabilities. But unlike the Vulnerability Assessment, the Pentest doesn’t stop there.

Of crucial importance for a tester is the exploit of identified vulnerabilities in order to gain control of the network or to take possession of sensitive data. The tester uses configurable automated tools to perform exploits against computer network systems. The peculiar part, however, occurs when the tester performs manual exploit attempts, just like a hacker would.

Classification

Penetration tests are classified in two ways: gray box or black box.

Gray box tests are performed with full knowledge of the target company’s IT department. Information is shared with the tester, such as network diagrams, IP addresses, and system configurations. The approach of this method is the verification of the safety of the present technology.

A black box test, on the other hand, represents more properly the action of a hacker who tries to gain unauthorized access to a system. The IT department knows nothing about the test being performed and the tester is not provided with information about the target environment. The black box method evaluates both the underlying technology and the people and processes involved to identify and block an attack as it would happen in the real world.

Phases of the Pentest

Phase 1: Analysis
The system is analyzed, studying its strengths and weaknesses. All preliminary information is collected. This, of course, does not happen if it is a gray box pentest.
Phase 2: Scan
The entire infrastructure is scanned to find the weak points to focus on.
Phase 3: Planning
Thanks to the information gathered, we plan with which tools and techniques to use to hit the system. The possibilities are many and they are both purely technological and social engineering techniques.
Phase 4: actual attack
In this phase the testers try to exploit the identified vulnerabilities to gain full control of the targeted system.

Report

At the end of the Penetration Test, a report is also compiled that details the entire process carried out and includes:

evaluation of the impact of a real attack on the company
solutions to solve problems and secure computer network systems

A Penetration Test that is not successful is a sign that the system under examination is safe * and the data inside it does not risk anything. However, this does not mean that the company will be protected forever from any attack: precisely because the strategies of hackers constantly evolve, it is important to carry out Penetration Tests regularly.

(*) It should be noted, however, that although a good Penetration Test follows guidelines or structuring methodologies (i.e. OWASP) it remains a test with a strong subjective impact of the Penetration Tester and of the team that performed it, therefore it cannot be excluded that by repeating the tests carried out by a different group of Penetration Tester we have no new results. Furthermore, as is well known to our readers, in the field of Cyber ​​Security the concept of “safe” in absolute terms is inadequate.

How to do

Although Vulnerability Assessments and Penetration Tests have different objectives, both should be performed regularly to verify the overall security of the information system.

Vulnerability assessment should be done often to identify and fix known vulnerabilities. The Pentest should be carried out at least once a year and certainly after significant changes in the IT environment, to identify possible exploitable vulnerabilities that may allow unauthorized access to the system. Both of the services described in this article are available through SOD, even on a recursive basis to ensure test effectiveness. contact us to find out more.

[btnsx id=”2931″]

Useful links:

Security: pentest and verification of vulnerabilities

Vulnerability Assessment & Penetration Test

 

 

 

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • Application is Vulnerable to Session Fixation March 27, 2024
    Posted by YOGESH BHANDAGE on Mar 27*Vulnerability Name - *Application is Vulnerable to Session Fixation *Vulnerable URL: *www.fusionpbx.com *Overview of the Vulnerability* Session fixation is a security vulnerability that occurs when an attacker sets or fixes a user's session identifier, manipulating the authentication process. Typically exploited in web applications, this vulnerability allows the attacker to […]
  • APPLE-SA-03-25-2024-1 Safari 17.4.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-1 Safari 17.4.1 Safari 17.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214094. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. WebRTC Available for: macOS Monterey and macOS Ventura Impact: Processing an […]
  • APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1 macOS Sonoma 14.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214096. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: macOS Sonoma Impact: Processing an image […]
  • APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6 macOS Ventura 13.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214095. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: macOS Ventura Impact: Processing an image […]
  • APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1 iOS 17.4.1 and iPadOS 17.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214097. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: iPhone XS […]
  • APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7 iOS 16.7.7 and iPadOS 16.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214098. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: iPhone 8, […]
  • APPLE-SA-03-25-2024-6 visionOS 1.1.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-6 visionOS 1.1.1 visionOS 1.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214093. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: Apple Vision Pro Impact: Processing an image may […]
  • Escape sequence injection in util-linux wall (CVE-2024-28085) March 27, 2024
    Posted by Skyler Ferrante (RIT Student) via Fulldisclosure on Mar 27Wall-Escape (CVE-2024-28085) Skyler Ferrante: Escape sequence injection in util-linux wall ================================================================= Summary ================================================================= The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows...
  • Win32.STOP.Ransomware (smokeloader) / Remote Code Execution (MITM) March 27, 2024
    Posted by malvuln on Mar 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/3b9e9e130d52fe95c8be82aa4b8feb74.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.STOP.Ransomware (smokeloader) Vulnerability: Remote Code Execution (MITM) Family: Stop Type: PE32 MD5 3b9e9e130d52fe95c8be82aa4b8feb74 Vuln ID: MVID-2024-0676 Disclosure: 03/22/2024 Description: There are two roads to...
  • Circontrol EV Charger vulnerabilities (CVE-2020-8006, CVE-2020-8007) March 27, 2024
    Posted by Dariusz G on Mar 27Circontrol EV Charger vulnerabilities. 1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10) The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. When the server parses the HTTP headers and finds the […]

Customers

Newsletter

{subscription_form_1}