Network & Infrastructure Vulnerability Testing
Symosis Security will begin by performing an external vulnerability assessment on the Public Infrastructure. This assessment uses automated tools and is done to ensure that exposed services or server configurations are not introducing undue risk to the environment. The interrogation covers the public address space associated with the systems and applications in scope. It focuses on determining whether vulnerabilities are present and on performing steps to exploit those vulnerabilities in order to correlate the overall exposure of the resources. The following steps are performed.
- Listening network services and OS fingerprint
- Remote service versions and configuration
- Information that can be enumerated remotely
- Remotely accessible vulnerabilities
The Network Vulnerability Assessment Process
Host and Service Discovery
First, host discovery scans are performed to determine reachable systems on the network. Symosis Security scans with four ICMP packet types and a mix of commonly open TCP and UDP services to determine the first set of live hosts. IP addresses that are not found to be live during the first round of scans are further scanned on potential TCP/UDP ports to discover any systems that have an active service but are behind a network filter.
OS and Service Fingerprinting
Next, OS fingerprinting and service scans are run against the discovered hosts to determine the probable operating system version and active ports. All discovered service versions are enumerated, and additional information is gathered from each service when possible.
Following the service enumeration, a non-disruptive vulnerability scan is performed with network vulnerability assessment tools. The tools include Nessus, Metacoretex, and Nikto. These tools:
- Perform host and service discovery at the network level
- Probe active services for known vulnerabilities as a result of poor patch management
- Identify insecurely configured network security products such as routers, hardware firewalls, load balancers, managed switches, VPN appliances, IDS appliances, and IPS appliances.
Symosis Security will then analyze the device security to:
- Identify insecure authentication and authorization mechanisms
- Identify security weaknesses that could lead to unauthorized access or unintended application usage.
- Identify security weaknesses that could lead to loss of data integrity, including blank or default passwords, default or factory configuration weaknesses, and web interface vulnerabilities.