Network & Infrastructure Vulnerability Testing
Symosis Security will begin by performing an external vulnerability assessment on the Public Infrastructure. This assessment will use automated tools and is done to ensure any exposed services, or server configurations are not introducing undo risk to the environment. The interrogation will be of the public address space associated with the systems and applications in scope and focuses on determining if vulnerabilities are present and performing steps to exploit the vulnerabilities to correlate the overall exposure the resources. The following steps are performed.
- Listening network services and OS fingerprint
- Remote service versions and configuration
- Information that can be enumerated remotely
- Remotely accessible vulnerabilities
The Network Vulnerability Assessment Process
Host and Service Discovery
First host discovery scans are performed to determine reachable systems on the network. Symosis Security scans with four ICMP packet types and a mix of commonly open TCP and UDP services to determine the first set of live hosts. IP addresses that are not found to be live during the first round of scans are further scanned on potential TCP/UDP ports to discover any systems that have an active service but are behind a network filter.
OS and Service Fingerprinting
Next OS fingerprinting and service scans are run against the discovered hosts to determine the probable operating system version and active ports. Enumeration of all discovered service versions is performed and additional information is gathered from the service when possible.
Following the service enumeration a non-disruptive vulnerability scan is performed with network vulnerability assessment tools. The tools include Nessus, Metacoretex, and Nikto. These tools perform:
- Host and service discovery at the network level
- Probe active services for known vulnerabilities as a result of poor patch management
- Identify insecurely configured network security products such as routers, hardware firewalls, load balancers, managed switches, VPN appliances, IDS appliances, and IPS appliances.
Symosis Security will then analyze the device security to:
- Identify insecure authentication and authorization mechanisms
- Identify security weaknesses that could lead to unauthorized access or unintended application usage.
- Identify security weaknesses that cold lead to loss of data integrity including blank or default passwords default or factory configuration weaknesses, and web interface vulnerabilities.
Wireless Security Assessments
Wireless security assessments and penetration testing are designed to evaluate the ability to exploit weaknesses in the wireless network to include access points and wireless bridge devices. The goal of the exercise to assess the exposure of your deployed wireless solutions to wireless network attacks.
Organizations face two main issues in the wireless environment, the strength of their wireless solution, and the risk posed by rogue access points or clients. Symosis helps you understand your risk by accessing the strength of your current wireless deployment. The first step is to perform a site walk-through to discover all wireless devices in range. The second step involves testing the authorized access points and clients. Symosis encompasses WLAN (wireless local area network) testing as a whole to determine if an attacker can gain access to the wireless network and what level of logical access is granted, as well as testing the security of wireless clients. The final step is to identify rogue access points and rogue clients to determine if they are connected to your LAN and what risk they pose to your organization.
- Identifies all access points, rogue devices and tests for vulnerabilities
- Analyzes system architecture, configurations and interview employees
- Provides technical findings, policy recommendations and procedural solutions
Many organizations have begun migrating from the standard “copper wire” telephone systems to “voice over IP” (VOIP) technology. VoIP solutions aimed at businesses have evolved into “unified communications” services that treat all communications—phone calls, faxes, voice mail, e-mail, Web conferences and more—as discrete units that can all be delivered via any means and to any handset, including cell phones. While initially “free from hacker attacks”, VOIP is now more and more subject to “hacker” attacks that are aimed to disrupt, compromise or abuse VOIP traffic resulting in yet another way organizations face security threats to their operational assets. Symosis VOIP Security Assessment Service is specifically designed to assess your existing VOIP infrastructure and identify existing and potential security and reliability issues including
- Security against DOS attacks
- Voice Mailbox break-ins
- Unauthorized recording of VOIP conversations
- Protection against general “unauthorized access”
- Protection against VOIP call “eavesdropping”.
- Spam Over Internet telephony (SPIT).
- Call Floods, Harassing Calls, H.323 concerns
- Software Patch Level Compliance
- Resistance to Viruses and Malware
- Application Layer Gateway Concerns
- Use of Encryption Technology
- VOIP System Redundancy
Data Center Security
Data Center Security reviews will include technical as well as management aspects to ensure defensive and preventive security controls are in place. This will be facilitated via interviews with the network administrator, the host administrator, and the application manager. The technical aspect will ensure the communication conduits are restricted for data transmission for the application, the management interfaces are properly isolated, and the data storage takes into account regulatory requirements such as encryption and logging. Supporting documentation to be reviewed includes the following:
- Firewall configurations and router and switch VLAN segmentation created.
- Current change control policies for both normal and exception windows.
- Administration process and protocols in use for security effectiveness
- Current run book
- Logical Topographical maps Physical Security Review
Physical security review driven by risk management and compliance include review of certain Facility Access and Control. Organizations must limit physical access to its facilities while ensuring that authorized access is allowed and implement policies and procedures to specify proper use of and access to workstations and electronic media. Symosis will evaluate the effectiveness of appropriate policies including policies and procedures regarding the transfer, removal, disposal, and re-use of electronic media, to ensure appropriate protection of critical corporate and customer data