
Vulnerability Assessment & Penetration Test

 

 

 

The Vulnerability Assessment (V.A.) and Penetration Test (P.T.) activities check the logical and organizational security measures that the client has put in place to prevent computer crimes and the dissemination of sensitive information.

 

 

To this end it will be necessary to:

   ♦ Identify the IT security vulnerabilities of the corporate network and of the systems (in particular of systems considered critical), including web servers.
   ♦ Verify the correctness and completeness of the behavioral policies and procedures put in place, as well as the related training, to prevent the security risks related to negligence and lack of awareness on the part of users of the IT system.

 

Particular attention will be paid to making these activities as “transparent” as possible to users of the IT system and to keeping their impact on the performance of the company IT network to a minimum. Scans from outside will preferably be carried out at night. For more information, contact technical support or open a ticket if you are already a customer.

 

AIMS

The Vulnerability Assessment (VA) / Penetration Test (PT) service verifies the robustness of the network through the following activities:

   ♦ Network sniffing.
   ♦ IP and Port scanning.
   ♦ ARP spoofing.
   ♦ Access to the company network.
   ♦ Attempt to steal and infer domain passwords.
   ♦ Search for possible vulnerabilities on layers 2, 3 and 7 of the ISO/OSI stack.
   ♦ Use of any vulnerabilities found to control systems / services.
   ♦ Analysis, verification and interpretation of results.

ACRONYMS AND ABBREVIATIONS

I.V.A. = Internal Vulnerability Assessment

E.V.A. = External Vulnerability Assessment

I.P.T. = Internal Penetration Test

E.P.T. = External Penetration Test

 

APPROACH METHODOLOGY

 

The methodology used aims to measure corporate IT security through four macro steps:

   1) Internal Vulnerability Assessment (1st Step).
Starting point for assessing the IT security of the “internal” network. This step yields an index of the security status of the LAN (Local Area Network); this index is then used to propose countermeasures and methodologies to strengthen the level of security.

   2) External Vulnerability Assessment (2nd Step).
Vulnerability Assessment conducted from the outside towards the information systems of the perimeter area.

Although this phase can be carried out independently of the Internal Vulnerability Assessment, it is preferable to execute it after the first step, so that the results can be compared globally and the security observations can be more targeted.

   3) Internal Penetration Test (3rd Step).
A Penetration Test attempts to exploit the vulnerabilities that emerged from the previous analyses in order to violate the computer systems included in the target. The Internal Penetration Test is a P.T. performed from within the corporate network towards internal and perimeter systems.

For this activity the first two steps are preparatory.

   4) External Penetration Test (4th Step).
Similar to the previous point, with the source of the attack located outside the company perimeter.

 

 

The flowchart in Figure 1 illustrates more clearly how the operational steps presented above are interconnected. This representation is intended to support analyzing the security of the system and intervening with appropriate countermeasures by following precise steps. Which analysis tests are executed depends on the level of security to be achieved. Analysis of the reports and application of best practices facilitate decisions on which security tests to select.

Note: The following solution, understood as the union of the points introduced above, is a security method that aims to carry out the security assessment process sequentially through a series of tests. The process need not be considered atomic (execution of all the tests) but, as shown in the flow chart below, as a modular process of corporate security analysis.

 

 


INTERNAL VULNERABILITY ASSESSMENT (I.V.A.)

Using software tools, we will analyze the robustness of the IT security measures from the inside (trusted network), trying to identify which known vulnerabilities could be exploited by malicious users to carry out cyber attacks.

This involves running non-destructive “scans” on systems, with tools designed to detect the status of operating systems or standard applications.

These tools will be those commonly used by malicious users and available on the Internet; on specific request, tools from well-known security software manufacturers may be used instead. Using public “open-source” tools rather than those of a specific company does not lead to a substantial difference in results.

In analyzing the vulnerabilities and weaknesses of the infrastructure as a whole, the critical ones will be highlighted. A “critical” vulnerability is one that could cause serious and immediate damage, such as blocking activities, loss of sensitive data, or loss of credibility, image or money. Highlighting these allows immediate measures to be taken to mitigate the problem.

 

TARGET I.V.A.

Target means the set of elements that are the object of the Vulnerability Assessment. This set changes according to different structural factors, characteristic of the analyzed business reality, and to the type of V.A. conducted.

According to some considerations, the Target is identified in the LAN (connection to any segment of the LAN), seen as a weak link in the network infrastructure. Subsequently it will be possible to modify the Target based on further observations and the result of the V.A.

The Target object of the proposal includes the following devices within the LAN:

   ◊ Network device.
   ◊ Security device.
   ◊ Application server.
   ◊ Storage server.

 

PHASES I.V.A.

The project is divided into the following phases:

   1) Reconnaissance phase.
Acquisition of all information potentially useful for V.A. The technical information to be acquired includes:

   ◊ Network structure (reverse engineering to detect network topology).
   ◊ Identification and classification of “critical” servers and network devices from an architectural point of view of security.
   ◊ Identification of operating systems used (O.S. fingerprint).
   ◊ Finding public information on the applications used.

 

   2) Vulnerability Assessment.

Identification of the vulnerabilities of the target objects. The tiger team will conduct authorized attacks using public or specially developed tools to search for vulnerabilities in the analyzed target in order to obtain access permissions to the systems.

Identifying the vulnerabilities present will also serve to identify the compromised (or compromisable) systems to be used in the subsequent phases as a means (escalating point) to carry out further scans or compromises.

   3) Vulnerability classification.

Classification of vulnerabilities of target objects. All the identified vulnerabilities will be classified in order of priority from the most critical to the least critical. This classification will help the decision-making process of securing the IT infrastructure.

   4) Report and management of countermeasures.

Delivery of documentation on what was analyzed and suggestions on the adoption of any countermeasures.

 

REPORT I.V.A.

The report on the Internal Vulnerability Assessment includes all the documentation provided at the end of the related activity.

Figure 2 shows the first step, described above, highlighting the reporting phase intended as output of the activity of I.V.A.

 

The report will contain the following information:

  ♦ List of vulnerabilities associated with the single server / network device if present.
For each element of the network analyzed, included in the target, a list of security vulnerabilities and their description will be provided.

  ♦ Vulnerability classification.
The identified vulnerabilities will be divided into:

   ◊ High (Critical): Vulnerabilities that constitute or may constitute a serious risk for the company.
   ◊ Medium: Medium risk vulnerability, exploitable with few attack vectors or of little impact for the company.
   ◊ Low: Vulnerability of low or near zero impact on business productivity.

 

List of actions to eliminate or reduce the vulnerabilities affecting the system.

   ♦ Best practices.
Set of rules and behaviors suggested to maintain a high and acceptable level of security. These indications may be provided as a list of actions to be carried out habitually in relation to an activity or as a methodological process in the form of a flow chart.


EXTERNAL VULNERABILITY ASSESSMENT (E.V.A.)

 

TARGET E.V.A.

According to some considerations, the Target is identified in the perimeter network devices, seen as physical separators between the LAN and the Internet (trusted network and untrusted network). Subsequently it will be possible to modify the Target based on further observations and the result of the V.A.

The Target object of the proposal includes the following network devices:

 ♦ Security device.
    ◊ Firewall
    ◊ VPN terminators.
    ◊ Access Point / Radio Bridges.
 ♦ Application server

 

PHASES E.V.A.

The project is divided into the following phases:

   1) Reconnaissance phase.
Acquisition of all information potentially useful for V.A. The technical information to be acquired includes:

   ♦ Perimeter network structure (reverse engineering to detect network topology).
   ♦ Identification and classification of “critical” servers and network devices from an architectural point of view of security.
   ♦ Identification of operating systems used (O.S. fingerprint).
   ♦ Identification of remote access methods.
   ♦ Finding public information from the company requesting the security test.
   ♦ Finding public information on the applications used.

   2) Vulnerability Assessment.

Identification of the vulnerabilities of the target objects. The tiger team will conduct authorized attacks using public or specially developed tools to search for vulnerabilities in the analyzed target in order to gain access to the systems.

Identifying the vulnerabilities present will also serve to identify the compromised (or compromisable) systems to be used in the subsequent phases as a means (escalating point) to carry out further scans or compromises.

   3) Vulnerability classification.

Vulnerability classification of target objects. All the identified vulnerabilities will be classified in order of priority from the most critical to the least critical. This classification will help the decision-making process of securing the IT infrastructure.

   4) Report and management of countermeasures.

Delivery of documentation on what was analyzed and suggestions on the adoption of any countermeasures.

 

REPORT E.V.A.

The report on the External Vulnerability Assessment includes all the documentation provided at the end of the related activity.

Figure 3 shows the second step, described above, highlighting the reporting phase intended as output of the activity of E.V.A.

The report will contain the following information:

   ♦ List of vulnerabilities associated with the single server / network device if present.
For each element of the network analyzed, included in the target, a list of security vulnerabilities and their description will be provided.

   ♦ Vulnerability classification.
The identified vulnerabilities will be divided into:

   ◊ High (Critical): Vulnerabilities that constitute or may constitute a serious risk for the company.
   ◊ Medium: Medium risk vulnerability, exploitable with few attack vectors or of little impact for the company.
   ◊ Low: Vulnerability of low or near zero impact on business productivity.

List of actions to eliminate or reduce the vulnerabilities affecting the system.

   ♦ Best practices.
Set of rules and behaviors suggested to maintain a high and acceptable level of security. These indications may be provided as a list of actions to be carried out habitually in relation to an activity or as a methodological process in the form of a flow chart.


 

INTERNAL PENETRATION TEST (I.P.T.)

 

TARGET I.P.T.

According to some considerations, the Target is identified in the LAN (connection to any segment of the LAN), seen as a weak link in the network infrastructure. Subsequently it will be possible to modify the Target based on further observations and the result of the V.A.

The Target object of the proposal includes the following devices within the LAN:

   ◊ Network device.
   ◊ Security device.
   ◊ Application server.
   ◊ Storage server.

 

PHASES I.P.T.

   1) Exploiting server application.
This phase develops on the basis of the information obtained from the I.V.A. Based on the analysis previously obtained, the tiger team selects / implements the appropriate set of attacks in order to compromise the application servers.

   2) Penetrating Network.
The tiger team uses attack techniques to circumvent Network Security systems.

   3) Privilege escalation.
The tiger team focuses on compromised targets also used as attack vectors.

   4) Report and management of countermeasures.
Delivery of documentation on what was analyzed and suggestions on the adoption of any countermeasures.

 

REPORT I.P.T.

The Internal Penetration Test report includes all the documentation provided at the end of the related activity.

Figure 4 shows the third step, described above, highlighting the reporting phase intended as the output of the I.P.T.

The report will contain the following information:

   ♦ Attack methods (exploits) used.
A description will be provided of the methods of attack used and their use in the target environment in order to violate the analyzed systems.

List of actions to eliminate or reduce the vulnerabilities affecting the system.

   ♦ Best practices.
Set of rules and behaviors suggested to maintain a high and acceptable level of security. These indications may be provided as a list of actions to be carried out habitually in relation to an activity or as a methodological process in the form of a flow chart.


EXTERNAL PENETRATION TEST (E.P.T.)

 

TARGET E.P.T.

According to some considerations, the Target is identified in the perimeter network devices, seen as physical separators between the LAN and the Internet (trusted network and untrusted network). Subsequently, it will be possible to modify the Target based on further observations and the result of the V.A.

The Target object of the proposal includes the following network devices:

   1) Security device.
      1. Firewall.
      2. VPN terminators.
      3. Access Point / Radio Bridges.
   2) Application server

PHASES E.P.T.

   1) Exploiting server application.
This phase develops on the basis of the information obtained from the E.V.A. Based on the analysis previously obtained, the tiger team selects / implements the appropriate set of attacks in order to compromise the application servers.

   2) Penetrating Network.
The tiger team uses attack techniques to circumvent Network Security systems.

   3) Privilege escalation.
The tiger team focuses on compromised targets also used as attack vectors.

   4) Report and management of countermeasures.
Delivery of documentation on what was analyzed and suggestions on the adoption of possible countermeasures.

REPORT E.P.T.

The report on the External Penetration Test includes all the documentation provided at the end of the related activity.

The report will contain the following information:

   ♦ Attack methods (exploits) used.
A description will be provided of the methods of attack used and their use in the target environment in order to violate the analyzed systems.

List of actions to eliminate or reduce the vulnerabilities affecting the system.

   ♦ Best practices.
Set of rules and behaviors suggested to maintain a high and acceptable level of security. These indications may be provided as a list of actions to be carried out habitually in relation to an activity or as a methodological process in the form of a flow chart.
