

Network Security Penetration Testing

Network security and penetration testing services

A penetration test is the process of evaluating the security of your network by simulating the processes that a hacker would use to gain access or restrict service to your systems. In the course of the test the consultant will use a combination of tools and programming to attempt to breach the security on your network perimeter. Once access has been gained the consultant will then attempt to access sensitive material, create backdoors and even restrict access to services. This is achieved by testing the general security of the network and following users through their daily routines on the IT systems available to them.

At each step of the process the consultant will document the activities used and the success and failure of the various methods applied. This is conducted with a view to providing you with a detailed report and analysis of the security of both the network perimeter and the internal network. A full penetration test is structured around two main processes, each with a series of key components used to test and record the security of your business IT systems and network infrastructure.


Security Processes Applied

Black Box Approach – is based on the consultant having no prior knowledge of the network or systems. This is a simulation of a true network hack with the consultant beginning with nothing other than the name of the company. From here the consultant will gather information from the Internet, related media sources and publications to find out as much as possible regarding the network and business. Social engineering is used to identify possible Internet services and even gain access details to required authentication mechanisms. Once the consultant is satisfied that they have gathered the required level of information they will begin a series of evasive scans to identify possible access points. From this the consultant can begin to build a clear picture of what programs may be required to access the network. If required, the consultant will begin to create programs to circumvent various security counter measures that may be in place. This approach is very time consuming and will adopt a series of methods that require a considerable period of time to recover the required information. This process is the most thorough approach to testing the security of your business.

White Box Approach – is conducted where the consultant will have detailed knowledge of the IT systems and network in order to test each system upon its own merit. This approach utilises the same components as the Black Box test but is designed to be completed inside the network perimeter and is scheduled with the client before being conducted. This approach will target specific systems within the network perimeter with a view to providing a detailed analysis of the system or service without the external security counter measures being tested.

A full penetration test needs to be conducted using both a Black Box and a White Box approach. Upon conclusion of the testing, we can provide a thorough security report. This report would contain a detailed analysis of each of the organisation's systems individually, and of the security of the network as a whole. Our consultant will provide details of security counter measures, patches and modifications to each system tested if required.


Key Components Applied

Foot Printing – is a key component of any penetration test and is a reconnaissance phase that involves gathering as much information as possible regarding the organisation in general and the underlying network. The consultant will employ a number of methods ranging from social engineering to domain lookups and whois information in order to obtain a complete picture of how the organisation is structured, information regarding the key personnel involved, and some detail as to the services that are available. This information will provide key aspects which can be used throughout the testing processes and will be documented to show what information is readily available from the Internet and media.

Scanning – is a passive method of directly gathering information as to services that are available from the internet to suggest the best active approach to be undertaken. This is achieved using readily available tools on the Internet such as nmap, nessus and various other passive tools. This component is purely passive so as not to raise attention while we gather further information without interaction with any applications discovered. Full details of all the scans undertaken will be included in the documentation with further recommendations as to how to prevent detection.

Enumeration – is the method of obtaining connection and valid user account or group details in order to remain inconspicuous when gaining access to the services and systems. This is achieved by probing various systems with null sessions in order to enumerate them further. Enumeration is the first component of a penetration test that employs an active method of information gathering. Specific areas are targeted which include:

  • SNMP
  • Active Directory
  • Web services
  • Web authentication
  • CIFS/SMB
  • NetBIOS
  • Remote access services such as SSH/Telnet
  • RDP/Citrix
  • SMTP/POP3/IMAP/HTTP/HTTPS email services
  • Other discovered access methods

System Hacking – is where the consultant actively attempts to hack the various network services and systems using the information gathered throughout the previous components. This is where our consultant uses a series of tools and methods - including programs and code written specifically for your network - to gain access to servers, PCs and other network devices. The consultant will use methods to circumvent firewalls and intrusion detection/intrusion prevention systems (IDS/IPS) in order to gather confidential information and/or restrict access to services. Each method employed will be documented and attempted over a prolonged period of time in order to avoid attention. Once access is granted and the required information gathered the consultant will cover their tracks through a number of methods such as log deletion, file and software deletion and the use of rootkits. Each aspect will be documented in full and added to the final report with any confidential documentation obtained as evidence.

Trojans – will be used, mainly consisting of code written specifically for the purpose of penetration testing your network. This will provide a clear picture as to the status of anti-virus software, IDS/IPS and internal policies and processes employed by the staff.

Denial of Service – simulated Denial of Service (DoS) attacks will be scheduled with IT in order to test the various vulnerabilities that may exist and that can be exploited to restrict or deny access to the various services. This will be included in the documentation and include ways of securing the network further if required.

Session Hijacking – is the process of hijacking a session such as SSH, Telnet or web access to gain access to the required systems and gather information such as logon details. This component can be completed through a number of methods from physically sniffing the network traffic and piecing together session information, to employing dummy web sites that record user activity. This would be carried out by the consultant as both a Black Box and White Box approach.

SQL Injection – is a key component of any penetration test as most organisations now use databases of some description. This employs a method of testing code and scripts to ensure that they will not accept Structured Query Language (SQL) directly through applications or web based forms. This component will also highlight requirements for a more thorough IDS/IPS solution that involves database applications.


Our Solution

Penetration testing is a thorough and very time consuming activity that, when conducted in the correct way, provides a baseline against which further preliminary tests can be carried out. Management of both the initial test and the future tests should be conducted by registered and accredited consultants. Our consultants are both EC-Council accredited and OSSTMM (Open Source Security Testing Methodology Manual) registered to provide security tests and reports. It must be noted that there are many companies that provide security tests, analysis and reports that simply employ a series of freely available tools to provide a penetration test. These tests meet only the requirements of a preliminary security test and for the most part will miss a number of the main vulnerabilities that can only be identified through manual exploitation.

Continuing management of both the security tests and the recommendation reports forms a large part of the service we provide. We aim to provide a thorough solution from security testing to the resolution of security issues and possible breaches that the tests have highlighted. We provide a trustworthy solution that does not just employ scare tactics but that also provides a level of peace of mind in ensuring your systems are maintained securely in the future.