Penetration tests and vulnerability assessment
IT vulnerability scans and penetration tests often form an integral part of IT security and PCI DSS audits. ELITT also offers these services for network security evaluations on a standalone basis.
In the field of computer security, a vulnerability is a weakness in a computer system that allows an attacker to undermine the integrity of the system and the confidentiality and integrity of the data it contains. These vulnerabilities can be the result of weaknesses in the design, implementation or use of a hardware or software system, but they are generally due to the presence of software bugs. Our security experts use vulnerability scanners to find security weaknesses in the computer and communications systems in your business in order to correct them before hackers can exploit them.
A penetration test is a method for evaluating the security of a system or computer network. The method is to simulate an attack by a malicious user or malicious software. During a penetration test, the security expert takes the position of the potential attacker. The main purpose of this exercise is to find exploitable vulnerabilities in order to propose an action plan to improve the security of a system.
Methodology
To carry out vulnerability scans and active penetration tests, ELITT first detects live machines on a network, scans open ports, identifies active services and their versions, and then tries various attacks.
Although the procedure is easily adapted to customer specifications, a typical sequence of operations is as follows:
1. Initial discovery
- Gathering of information to identify the intrusion perimeter
- Information on accessibility is integrated into the test protocol
2. Identification of accessible resources
- Detection and identification of accessible resources (systems, networks, services)
- Identification of company network topology and network mapping
- Feedback on the results obtained and validation of the perimeter prior to the start of the next phase.
3. Scan for vulnerabilities and possible exploitation
- Scan for vulnerabilities on the systems identified in phase 2
- Communication of the identified results
- Explicit request for authorization to exploit the identified vulnerabilities. It is important that all involved processes and risks have been clearly communicated and understood and that the necessary authorizations have been granted prior to the start of operations.
- Exploitation of vulnerabilities to gain further access to the network.
- Provision of proof of intrusion.
4. Progression
- To try to penetrate further into the network and information systems, phases 2 to 4 are repeated.
To optimize vulnerability detection, ELITT bases its evaluation on recognized methodologies such as the Open Source Security Testing Methodology Manual (OSSTMM) and the Information Systems Security Assessment Framework (ISSAF).
Depending on network characteristics and configuration, the scans and tests may be more or less time-consuming.
Tooling
Besides tools such as Nessus, Nmap, Acunetix, sniffers and tcpdump, a wide range of customized applications can be deployed, depending on the project specifications.
Reporting
Results of the vulnerability scans and penetration tests are thoroughly analyzed by the ELITT experts and form the basis for our reports.
Based on a “Critical – High – Medium – Low” vulnerability scale, the risks are identified in relation to their primary hosts, and associated recommendations are proposed to mitigate these risks.