Despite strong infrastructure hardening processes, devices often go unpatched or misconfigured due to the size of networks. Attackers often take advantage of vulnerabilities in routers, firewalls, DNS, web and database servers, and other systems to gain access to the internal network of an organization. Network Assessment is a critical tool that assesses, evaluates, and mitigates those risks.
- Cyber Defense Institute identifies and tests potential points of attack, after gathering background information by enumerating domains and identifying network blocks registered to the vendor. These attack vectors are first verified, then enumerated to look for available live hosts, ports, and services.
- The output of this testing is a network diagram with ports and services accessible from the Internet. Our team provides a list of vulnerable services along with the level of impact and recommended fixes, including those listed in the SANS/FBI Top 20 Most Critical Internet Security Vulnerabilities (www.sans.org/top20/). We also provide architectural recommendations for the DMZ.
- Discover vulnerabilities in a network
- Move beyond simple scanning with in-depth, non-intrusive assessments or, optionally, penetration testing
- External or internal assessments based on client requirements
Key Business Benefits
- Significant risk reduction on networks
- Understanding of risk posed by external and/or internal attackers
- Improved compliance with regulations and control frameworks, such as the Payment Card Industry Data Security Standard (PCI DSS), COBIT, ISO 27001, GLBA, etc.
Cyber Defense Institute emulates an attacker to gain access to the internal network. In order to emulate an attack, we work through the following steps for each layer of attack (e.g. web server, other Internet-facing hosts, DMZ, management network, internal network):
Information Gathering—Gather background information about the company to create a corporate profile based on data found on the Internet
Domain Enumeration / Network Block Enumeration—Create a detailed network map which helps the organization identify and overcome blind spots. Our consultants approach domain and network enumeration without significant prior knowledge about the company's network.
Host Identification—Identify available hosts through a variety of network scans, after verifying that the network blocks are owned by the company
Service Identification and Enumeration—After identifying the hosts, use Internet data to identify services (including version numbers) that are available on each host
Architecture Diagram—Develop an architecture diagram that details access controls, based on output from the previous steps. This helps clients understand what information a potential attacker can gather about the network from the Internet.
User Identification—Identify user names and attempt brute-force authentication attacks on all Internet-facing web interfaces and devices. This phase is not performed unless explicitly requested by the organization and may result in locking out accounts.
Vulnerability Scanning—Perform vulnerability scanning using Nessus and other tools on the range of IP addresses that we identified on the Internet. No exploits are run during this phase. The tools are used only to aid in the overall assessment, and we will summarize the raw results in our assessment.
Architecture Review—Perform an architecture review using all the information gathered. This review requires interaction with the client's networking group to provide the best results.
Vulnerability Testing—Attempt to gain access to the network and determine the depth of access that an attacker can gain from the Internet. This step involves running exploits and is taken after careful coordination with the client.
Network Analysis Deliverables
The result of a network assessment is a list of possibly vulnerable systems (if any). Based on additional analysis (either by exploiting the server, running host review scripts, or requesting information through the administrator), false positives will be removed. Additionally, recommendations to help improve the network architecture will be provided.
Cyber Defense Institute will consolidate the deliverable from its physical security review analysis engagements along with the other components reviewed (war driving, war dialing, etc.). The report will summarize the project's scope, approach, findings, and recommendations.