Vulnerability Assessment System Penetration and Analysis Testing
Submitted By traj30 | Words 1156 | Pages 5
Memo: Internal Penetration Testing Tool and Purchase
Following the recent attack on the agency's network, the town police department authorities decided to conduct a complete assessment of network vulnerabilities.
The main goal of this memo is to evaluate the network penetration testing tools available in the market: compare the tools, estimate the cost to buy and implement them internally, and consider hiring a professional service to evaluate them. In this memo we cover the internal implementation at a high level.
There are many penetration testing tools in the market, including:
a. Nmap - the world's best port scanner
b. Nessus - vulnerability scanner
c. Metasploit - exploit framework
For testing vulnerabilities I picked the three tools above, which are widely used in many organizations and fit this scenario well. Nmap and Nessus provide a number of vulnerability analysis techniques such as port scanning, credentialed and uncredentialed scans, enumeration, patch and configuration auditing, network mapping, and password cracking, and Metasploit will help us exploit the vulnerabilities found. Every tool needs an experienced user with extensive knowledge to perform the vulnerability assessments.
The Tools
Nmap is a sophisticated scanning tool used to discover open ports, perform remote scanning, identify the version of a running service and the operating system of a target system, and support monitoring and inventory. It uses many techniques to answer questions such as which OS is in use or which service version is running on a target machine, information that can later be used to protect the network.
Nessus is a fairly complex vulnerability assessment tool used to identify network-based vulnerabilities, find open file shares, and identify misconfigurations (for example an open mail relay or missing patches). Nessus can also be used along with Nmap. However, it is limited to finding and identifying the vulnerabilities it has been configured to find, and it does not exploit vulnerabilities, so vulnerabilities that are unknown to it may not be picked up by Nessus. (Tenable Security, 2011)
Nessus and Nmap are the main tools used in analyzing the vulnerabilities. Performing a penetration test is the next step. A pen test exploits the findings to determine whether any malicious or unauthorized activity is possible, and it is carried out after the vulnerability assessment, once all potential vulnerabilities have been identified and reported.
Metasploit is the next tool under my consideration: an exploitation tool that determines whether a vulnerability is actually exploitable. Metasploit is a framework for developing and testing exploits, though the user must write code and functions and it has a command line interface only. It is a great tool for testing server security and it comes in three different versions.
Limitations
These tools cannot work independently, because no single one of them fulfills all the requirements of finding vulnerabilities; used together, each makes up for what another lacks. Nmap alone cannot expose or exploit vulnerabilities, but the information it gathers is crucial to start a vulnerability analysis with Nessus or an exploitation attempt with Metasploit. Conversely, Nessus and Metasploit do not scan open ports independently and depend on Nmap for that whenever necessary. In the same manner Nessus cannot conduct exploitation of the vulnerabilities it finds, so it depends on Metasploit to take those vulnerabilities to the next level. Lastly, although Metasploit can do some vulnerability assessment before exploitation, it depends on Nmap and Nessus to discover the bulk of the vulnerabilities it then tests.
The approximate costs of each tool:
- Nessus costs around $1,400 per year
- Nmap is freeware
- Metasploit Pro costs around $16,000-$18,000 per year of licence
- Security employees who have extensive training and knowledge in utilizing the above tools
The Process
Step One:
Nmap, the Network Mapper, is run first to discover open ports on all the systems. Once the mapping is done, Nmap is used on all open ports to enumerate services, operating systems and other more in-depth system information. Once the scan has been completed, a report needs to be generated to answer the questions below:
- Have any unnecessary services been discovered?
- How can all the unnecessary services be disabled?
- For the necessary services, what are the possibilities to configure them differently so as to mask the OS and the software performing the service?
Step Two:
Next, Nessus is run against the ports, operating systems and services identified, to perform the vulnerability assessment. After the analysis with Nessus, a detailed explanation should be reported for the following:
- For every vulnerability reported, what makes the system vulnerable in that manner.
- What is the level of severity found, what actions can be taken to fix the vulnerabilities before they are exploited, and how can we prevent them.
Step three:
Next, Metasploit is used to try to exploit the vulnerabilities that were discovered. The main purpose of conducting these exploitations is to find out, for each vulnerability discovered, whether any of our applications, networks or systems is vulnerable to exploits such as buffer overflows, system flaws and holes such as SQL injection, and to answer the following for each:
- Was data able to be written to disk?
- What level of access was able to be achieved?
- Depending on the exploit, which services support it?
For all the vulnerabilities that are discovered and tested, create a report with recommendations and a resolution for each vulnerability, such as applying software patches, disabling unnecessary services, changing passwords and revising security processes.
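As an added example that is not part of the original memo, the following Python script shows one way to produce the Step One report: it parses Nmap's XML output (here a constructed sample, not a real scan of the department's network), compares the open services against an assumed per-host baseline of approved services to list what should be disabled, and flags services whose banner reveals product or version and so are candidates for masking.

```python
import xml.etree.ElementTree as ET
# Constructed sample of Nmap XML output (as produced by nmap -sV -O -oX); not a real scan.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="445"><state state="closed"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
</nmaprun>"""
# Assumed per-host baseline of the services the department actually needs (constructed).
APPROVED = {"10.0.0.5": {("tcp", 22), ("tcp", 443)}}

def parse_scan(xml_text):
    """Map each host address to its OS guess and its open ports as
    (protocol, port, service name, product, version) tuples."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        os_el = host.find("os/osmatch")
        ports = []
        for p in host.iter("port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports matter for the "unnecessary services" question
            svc = p.find("service")
            attrs = svc.attrib if svc is not None else {}
            ports.append((p.get("protocol"), int(p.get("portid")),
                          attrs.get("name", ""), attrs.get("product", ""), attrs.get("version", "")))
        hosts[addr_el.get("addr")] = {"os": os_el.get("name") if os_el is not None else "", "ports": ports}
    return hosts

def unnecessary_services(hosts, approved):
    """Open services absent from the baseline: candidates to disable."""
    findings = {}
    for addr, info in hosts.items():
        extra = [e for e in info["ports"] if (e[0], e[1]) not in approved.get(addr, set())]
        if extra:
            findings[addr] = extra
    return findings

def banner_exposure(hosts):
    """Open services whose banner reveals product or version: candidates for masking."""
    return {addr: [e for e in info["ports"] if e[3] or e[4]] for addr, info in hosts.items()}
```

On the sample the report flags telnet on port 23 as unnecessary and the SSH and HTTPS banners as revealing product or version.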
Conclusions
When Nmap, Nessus, and Metasploit are used together, they form an extremely useful suite of tools. Beyond acquiring these tools, the IT department needs to conduct these kinds of audits on a regular basis to provide the highest level of security for the information systems.
However, when using such tools every year on a regular basis, it is very important that the developers and testers have extensive knowledge of each of the selected tools. Otherwise all the developers will need to learn to conduct testing with the applications provided in this distribution.
Each tool requires a different level of user skill, experience and knowledge; without it, developers will pour many hours into chasing dead ends and false positives rather than actual vulnerabilities. Hence I suggest that if we use the tools and conduct the analysis internally with our testers, the penetration testers must have extensive experience in their craft.