
Cybersecurity Penetration Testing

The main objective of penetration testing is to identify security weaknesses in your external, internal, wireless and physical access, and among your staff.


Penetration testing can also be used to test an organization's IT Department security policies and their adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.

Various Types of Penetration Testing


1. External Penetration Testing

This type of pen test is the most common requirement for pen testers. It aims to discover vulnerabilities and gaps in the clients' network infrastructure. Since the network could have both internal and external access points, it is mandatory to run tests both locally at the client site and remotely from the outside world.

The testers should target the following network areas in their penetration tests.

  • Firewall config testing.
  • Stateful analysis testing.
  • Firewall bypass testing.
  • IPS deception.
  • DNS-level attacks, which include:
    • Zone transfer testing.
    • Switching or routing based testing.
    • Any miscellaneous network parameter testing.

The penetration test should also cover the following software modules.

  • SSH client/server tests.
  • Network databases like MySQL/SQL Server.
  • Exchange or SMTP mail servers.
  • FTP client/server tests.


2. Internal Penetration Testing

Internal Security Assessment - This test follows a similar methodology to external testing, but provides a more complete view of the internal site’s security with no prior knowledge of the site (black box). Testing will typically be performed from a number of network access points, representing each logical and physical segment.

External Application and Server Security Assessment - This test is designed to identify and assess threats to the organization. Applications may, for example, provide interactive access to potentially sensitive materials; it is vital that they be assessed to ensure that, firstly, an application does not expose the underlying servers and software to attack, and secondly, that a malicious user cannot access, modify or destroy data or services within the system. Even in a well-deployed and secured infrastructure, a weak application can expose the organization's crown jewels to unacceptable risk.

Dumpster Diving - In general, dumpster diving involves searching through trash or garbage for something useful, and checking around the computer area for staff passwords on post-its or under the keyboard.

Items assessed include, but are not limited to:

a. Domain Systems Policies

b. File Server Vulnerability

c. Desktop Vulnerability: Windows Security and OS Updates

d. Application Vulnerability - Applications may provide interactive access to potentially sensitive materials. It is vital that they be assessed to ensure that, firstly, an application does not expose the underlying servers and software to attack, and secondly, that a malicious user cannot access, modify or destroy data or services within the system. Even in a well-deployed and secured infrastructure, a weak application can expose the organization's crown jewels to unacceptable risk.

e. Internal Network Scanning

f. System Fingerprinting

g. Services Probing

h. Exploit Research

i. Manual Vulnerability Testing and Verification

j. Manual Configuration Weakness Testing and Verification

k. Limited Application Layer Testing

l. Administrator Privileges Escalation Testing

m. Password Strength Testing

n. Dumpster Diving

 

3. Wireless Penetration Testing - During a Wireless Attack and Penetration, Virtual IT will take a wireless footprint of the target environment to identify all access points that belong to your organization. More importantly, the encryption types used across the wireless environment are determined at this time. Key targets are selected for attack. If unencrypted networks are observed, clear-text transmissions can be sniffed and reassembled in an attempt to identify user credentials and sensitive information.

a. Weak Protocols

b. Default or weak administrative credentials

c. Mis-association attack potential

d. Dis-association attack potential

e. Evil Twin attack potential

f. WPA Enterprise mis-configurations


4. Social Engineering Phishing (Ransomware, Cryptojacking & Email scams) – A social engineering security penetration test is an activity in which a test team uses the art of manipulating people into performing actions or divulging confidential information by means of phishing (email scams) on CLIENT staff, posing as a service person.

a. Email-based (attempting to get employees to log in to organization-branded portals). A list of internal email addresses will be provided by the client.

b. Phishing email messages and websites are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information from your computer.

c. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something from a website.


5. Social Engineering Voice Phishing (Vishing) - Browser Proxy Hijacking Vishing – This social engineering security penetration test is an activity in which a test team uses the art of manipulating people into performing actions or divulging confidential information by means of vishing (voice phishing) telephone techniques on CLIENT staff, posing as a service person.

a. Pretext Calling (e.g. Employees and Help Desk Teams)

b. Proxy and Browser hijacking

c. Spearphishing