Network Penetration Testing
A network penetration test is a sequence of procedures performed on a system or a network to determine the vulnerabilities inherent in it and subsequently take the necessary steps to ensure the identified vulnerabilities are addressed. The system or network must have an existing security measure in place (Cole, 2011). These security measures are tested for their vulnerability, hence the term ‘penetration testing.’ In this case, the company wants to perform a penetration test to test the vulnerabilities in its private loaning operations. The company offers private loan facilities to students and performs its operations in conjunction with a number of external players that the firm partners with in order to facilitate the loan services. This document will outline the tests to be done on the firm’s network, the reasons for performing the tests and the possible vulnerabilities, and will also identify the recommended actions to ensure the system’s security is tightened to reduce the risk of hacking or breaching of the network.
Explain the tests you would run and the reason(s) for running them (e.g. To support the risk assessment plan)
A network penetration test is done sequentially. Before running any tests, information gathering and analysis of this information is crucial. The gathering of the information is meant to identify the system and all its components, as well as how the network operates. Netcraft.com offers an excellent tool that will help at this stage of testing. The free online tool eases the process by troubleshooting the network and delivering a report of all the visible hosts and connections to the network. Information gathered in this stage is not only crucial in the preliminary steps of the exercise, but is often invaluable in the later stages of the network penetration test.
A network survey is done after the initial stage. A network survey is meant to provide more information regarding the network. Results of a network survey will include the IP addresses of all the systems that are linked to the network, the domain names of the systems, the server names, a network map, as well as the network service provider information. The Nmap tool is an important tool in carrying out a network survey. The importance of the Nmap tool is highlighted especially when scanning large networks such as the one in question. The Nmap tool will also help in identifying the type of packet filters that the network has and the firewalls in place within the system.
All the gathered IP addresses are compared against the registry to determine if they belong to the organization. Domain registry information, in this case, is crucial to help in comparing the recorded and identified addresses against the registered addresses that belong to the company. In this stage, it is possible to find out other addresses that may belong to people eavesdropping on the network or that intend to breach the network. The potential discoveries highlight the importance of this stage in the network penetration exercise.
Port scanning is also done simultaneously with the network survey process. In fact, the Nmap tool will help out with this as well. The Nmap tool scans all the ports in the network, both the UDP and the TCP ports. The port scanning exercise reveals the available ports and the ports being used in the network. System information is then associated with the IP addresses at this point. The Nmap tool is also important at this point. The tool does an OS fingerprinting exercise that associates each IP address with the operating system that the host at that address is running.
All the stages above will help in gathering and in the analysis of the gathered information. At this point, the vulnerabilities will most probably not be identified, though it is possible to determine some glaring weaknesses within the system. After gathering the information and moving to the detection phase, theoretical knowledge will come in handy. It does not make sense to test for all possible threats. Some threats are not possible within certain networks. Additionally, some testing procedures are too demanding and may not be worth the cost or the time, especially depending on the possible damage the threat poses to the organization (Maynor, 2011).
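The survey, port-scan, OS-fingerprinting and registry-comparison steps described above produce a list of hosts that then has to be triaged. The following is an added example written for this document (it is not the author's code and not part of Nmap): it parses constructed lines in Nmap's greppable output format, compares every discovered address against the firm's registered address ranges (the 10.10.0.0/16 block is an assumption standing in for the real registry entries) and flags hosts whose fingerprinted operating system or web server is one of the unsupported versions identified on this page.

```python
"""Triage of Nmap greppable (-oG) output for a network survey.

Added example, not code from the essay or from the Nmap project.
SAMPLE_GNMAP is constructed sample data; REGISTERED_RANGES is an assumed
address block standing in for the firm's domain/IP registry entries.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample of what `nmap -sS -O -sV -oG -` prints: fields are
# tab-separated and each port entry is port/state/proto/owner/service/rpc/version/.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 10.10.1.10 (dc01.example.internal)\tStatus: Up\n"
    "Host: 10.10.1.10 (dc01.example.internal)\tPorts: 88/open/tcp//kerberos-sec///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows 2000 Server\n"
    "Host: 10.10.1.20 (web01.example.internal)\tPorts: 80/open/tcp//http//Microsoft IIS httpd 5.0/, "
    "443/closed/tcp//https///\tOS: Microsoft Windows 2000\n"
    "Host: 10.10.2.15 ()\tPorts: 139/open/tcp//netbios-ssn///\tOS: Microsoft Windows XP SP2\n"
    "Host: 10.10.2.16 ()\tPorts: 139/open/tcp//netbios-ssn///\tOS: Microsoft Windows 98\n"
    "Host: 192.168.77.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/\tOS: Linux 5.X\n"
    "# Nmap done (constructed sample)\n"
)

# Assumption for the exercise: the only address block registered to the firm.
REGISTERED_RANGES = [ipaddress.ip_network("10.10.0.0/16")]

# Unsupported platforms named in the essay's findings.
EOL_OS_MARKERS = ("Windows 98", "Windows XP", "Windows 2000")
EOL_SERVICE_MARKERS = ("IIS httpd 5.",)

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")

Finding = Tuple[str, str, str]  # (ip, category, detail)


def parse_gnmap(text: str) -> Dict[str, dict]:
    """Merge all greppable lines for the same host into one record."""
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment line, no host data
        ip, name = match.groups()
        rec = hosts.setdefault(ip, {"name": name, "open_ports": [], "services": [], "os": None})
        # Remaining tab-separated fields look like "Ports: ..." or "OS: ...".
        fields = dict(f.split(": ", 1) for f in line.split("\t")[1:] if ": " in f)
        for entry in fields.get("Ports", "").split(", "):
            parts = entry.split("/")
            if len(parts) >= 7 and parts[1] == "open":
                rec["open_ports"].append(int(parts[0]))
                rec["services"].append(f"{parts[4]} {parts[6]}".strip())
        if "OS" in fields:
            rec["os"] = fields["OS"]
    return hosts


def assess(hosts: Dict[str, dict]) -> List[Finding]:
    """Registry comparison plus end-of-life checks, one pass per host."""
    findings: List[Finding] = []
    for ip in sorted(hosts, key=ipaddress.ip_address):
        rec = hosts[ip]
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in REGISTERED_RANGES):
            findings.append((ip, "unregistered", "address not in the firm's registered ranges; verify ownership"))
        os_name = rec["os"] or ""
        if any(m in os_name for m in EOL_OS_MARKERS):
            findings.append((ip, "eol-os", f"{os_name} no longer receives security updates"))
        for svc in rec["services"]:
            if any(m in svc for m in EOL_SERVICE_MARKERS):
                findings.append((ip, "eol-service", f"{svc} is an end-of-life web server"))
    return findings


if __name__ == "__main__":
    for ip, category, detail in assess(parse_gnmap(SAMPLE_GNMAP)):
        print(f"{ip:15} {category:12} {detail}")
```

Running the script against the constructed sample lists the four workstations and servers on unsupported Windows versions, the IIS 5.0 web server, and one host outside the assumed registered block that needs its ownership confirmed, which is exactly the set of questions the survey stage is meant to answer before detection work begins.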
In this case, some knowledge has been obtained that is crucial to the network penetration exercise. The gathered information includes the following. First, the business’s internal network is separated from its DMZ by a firewall. Secondly, all departments in the organization, including the finance, IT, development and marketing departments, connect to the network through the same network switch. Essentially, this means that all the departments are in the same LAN. The help desk and the senior management, however, are not in the LAN and operate on their own network, but are connected to the system through an Ethernet hub. Thirdly, workstations are either Windows 98 or Windows XP. Additionally, the workstations are never updated and do not run any service packs. Fourthly, one server is running Windows 2000 Server, and another runs IIS V5. Lastly, the internal server running the Active Directory runs on LM instead of NTLM. All these facts already reveal a host of problems, ranging from outdatedness, inefficiencies and insecurities to incompatibility issues. The outdatedness also puts the network at risk of hacking, since the systems do not have the latest security updates. These issues are just a number of the problems and vulnerabilities that the penetration testing exercise intends to uncover.
Determine the expected results from tests and research based on the specific informational details provided. (I.e., IIS V5, Windows Server 2000, AD server not using NTLM)
First, the two servers, one running Windows Server 2000 and the other running IIS V5, have limitations that put the network at risk. Windows Server 2000 is no longer supported by Microsoft. Essentially, it means that people running their servers on Windows Server 2000 run the risk of intrusion, as they can no longer guarantee their safety due to the lack of security updates. Often, malware creators target unsupported operating systems with the release of malicious code.
Secondly, using IIS V5 also presents security challenges to the organization. The software has a vulnerability that can allow an attacker to access the system and to circumvent the privilege control system that requires authentication before one can log into the system. The attack is possible via an anonymous attacker crafting an HTTP request to the server and gaining access to directories within the system that normally require authentication. Essentially, exploiting such a vulnerability puts all the students’ personal information regarding the loans at risk of being exposed or obtained by malicious attackers.
Thirdly, the AD server running on LM instead of NTLM also presents security challenges to the organization. LM is a weak authentication protocol that attackers can exploit within the system. NTLM was introduced specifically to address the security problems of the earlier LM system. NTLM was introduced with the Windows NT operating system. Essentially, the NTLM system works with two password hashes, the LM password hash and the NT password hash. The two password hashes make the system more secure and not as easily cracked by malicious attackers.
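To make concrete why LM is treated here as the weaker scheme, and to give the tester a way to verify whether an LM hash is still stored for any account after the recommended upgrade, the following added example (written for this document; not the author's code and not a Microsoft implementation) reproduces the LM hash's password pre-processing in Python and then audits constructed lines in the common user:RID:LM:NT::: export format. The account names and hash values in the sample are constructed placeholders; only the empty-password LM constant is a real, well-known value.

```python
"""LM versus NT password hashing: the weakness, and an audit for LM hashes.

Added example, not code from the essay. lm_halves() reproduces only the
password pre-processing of the LM hash (upper-casing, 14-byte padding and
the split into two independent 7-byte DES key inputs); the DES step that
follows is omitted because the pre-processing is what makes LM weak.
audit_hash_dump() reads constructed lines in the user:RID:LM:NT::: export
format; the hash values in SAMPLE_DUMP are placeholders.
"""
from typing import List, Tuple

# LM hash of an empty password (both halves empty). A stored LM field equal
# to this means no LM hash is kept for the account, which is the desired state.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_LM_HALF = EMPTY_LM[:16]  # what one all-NUL 7-byte half hashes to


def lm_halves(password: str) -> Tuple[bytes, bytes]:
    """Return the two 7-byte key inputs the LM hash derives from a password."""
    raw = password.upper().encode("ascii", errors="replace")  # case is discarded
    raw = raw[:14].ljust(14, b"\x00")  # truncate or NUL-pad to exactly 14 bytes
    return raw[:7], raw[7:]  # each half is keyed and attacked independently


def lm_equivalent(a: str, b: str) -> bool:
    """True when two different passwords would produce the same LM hash."""
    return lm_halves(a) == lm_halves(b)


def lm_second_half_is_empty(password: str) -> bool:
    """True for passwords of 7 characters or fewer: their second half is the
    constant EMPTY_LM_HALF, which reveals the length class at a glance."""
    return lm_halves(password)[1] == b"\x00" * 7


def lm_guesses_per_half(alphabet_size: int) -> int:
    """Upper bound on candidates for one half after case folding, versus
    alphabet_size ** length for an NT hash of the full, case-sensitive password."""
    return alphabet_size ** 7


# Constructed export lines; hash fields are placeholders, not real credentials.
SAMPLE_DUMP = (
    "Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::\n"
    "svc_loans:1105:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::\n"
    "jdoe:1108:AAD3B435B51404EEAAD3B435B51404EE:00112233445566778899aabbccddeeff:::\n"
)


def audit_hash_dump(text: str) -> List[str]:
    """Return the accounts whose LM field is a real LM hash rather than the
    empty-password constant, i.e. the accounts still exposed to LM cracking."""
    flagged: List[str] = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not an export line
        user, lm_field = parts[0], parts[2].lower()
        if lm_field != EMPTY_LM:
            flagged.append(user)
    return flagged


if __name__ == "__main__":
    print(lm_halves("Password1"))
    print("case-insensitive:", lm_equivalent("Password1", "PASSWORD1"))
    print("accounts still storing an LM hash:", audit_hash_dump(SAMPLE_DUMP))
```

The two halves are what matter for the risk assessment: an attacker never has to guess a 14-character password, only two independent 7-character, case-insensitive ones, so a policy that stops storing LM hashes (and the NTLM-only configuration recommended later in this document) removes the weakness rather than merely lengthening passwords.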
Apparently, the present system is structured in such a way that most of the departments, including the finance, marketing, development and IT departments, are connected to the network through the same enterprise switch. Sharing the same switch introduces a number of challenges to the system, such as increasing the chances of packet collisions, increasing the chances of attacks, and slowing the system due to the strain it handles. It is more difficult to prevent some network users from accessing some parts of the system due to the sharing of the same switch. Hackers also have an increased opportunity of intercepting data in such a network. Using one switch for all the departments increases the chances of the network failing. If the switch malfunctions, there is a risk of the company losing network connectivity. The ability to scale with an increase in demand is also significantly reduced with the use of a single switch. Using such a flat network is attractive due to its reduced administration costs. However, such a network is preferable only where requirements, including security requirements, are low, such as in a home network.
All the workstations are running on either Windows 98 or Windows XP. Microsoft has since stopped supporting the two operating systems. Malicious attackers often target unsupported operating systems when developing malware. Essentially, it means that all the workstations are running outdated software with a higher risk of being targeted by malicious attackers or viruses. For a firm that deals with sensitive information such as private loans to students and also partners with a number of external players, it is of utmost importance that such systems run on the most sophisticated and secure systems because of the sensitivity of the information concerned.
Analyze the specific software tools you would use for your investigation and reasons for choosing them
The Netcraft.com tool is an online resource that will come in handy in the information gathering and analysis stage, before embarking on the actual threat detection phases. The tool has many advantages and helps make the penetration testing easier. Before the actual testing, gathering information helps in identifying the potential areas of system or network vulnerabilities. The tool examines the network and reports back with the number of hosts that are visible in the network, the operating system the online system is running on, as well as server up-time. The online resource is free and provides crucial information useful in the network penetration exercise.
Secondly, a network survey exercise, an important data gathering and analysis exercise, is possible via the use of the Nmap tool. The Nmap tool scans large networks and is ideal for the exercise in question. Nmap performs a similar function to the netcraft.com service, but it provides more information and gives a more comprehensive report. The tool provides information on the type of operating system that hosts in a network are running, the packet filters used in the network, as well as other characteristics of the network such as speed, usage statistics, logging information, and server up-time. The Nmap tool also does port scanning to identify all the ports in the network and for particular addresses. Through the information availed by the Nmap tool, it is possible to know the free ports and the ports that hackers can exploit when hacking. Ideally, the same ports are also used for the network penetration exercise. The Nmap tool is also important in performing an operating system fingerprinting exercise. In this exercise, the various identified IP addresses, as well as the ports, can be associated with the operating system that the users are using to access the network. The Nmap tool also offers a number of other benefits to network penetration testers and is considered a must-have tool in the network penetration exercise (Harris et al., 2011).
Describe the legal requirements and ethical issues involved
A network penetration test is an exercise dogged by both legal and ethical concerns. A network penetration test borders on illegality, so proper documentation needs to be in place before the actual exercise can begin. Essentially, network penetration testing and hacking involve the same techniques. However, a network penetration test is approved by the company’s management. Before a network penetration test exercise, the testing firm meets with the company’s management to determine the extent of testing to be done and to enable the testers to sign documents regarding the test exercise. While performing the test, the test group usually gains access to personal information. The signing of documents before the exercise legally binds the testing firm to non-disclosure of personal customer information obtained during the testing period. The company is also required to destroy the information upon receiving it from the testers. Otherwise, it would constitute a criminal offense and a breach of contract for the personal information to remain in the hands of the company without the consent of its clients or customers (Faily, McAlaney & Iacob, 2015).
Signing the relevant documents regarding the test exercise also helps to protect the penetration testers from the possibility of being sued in case of accidents that may happen during the penetration exercise. It is also possible for hackers to take advantage of the penetration exercise to gain access to the system. Hackers may be able to learn that a penetration exercise is imminent and take steps to use the exercise as a cover for their malicious intentions. A penetration exercise carries the risk of making the system more vulnerable. It is, therefore, advisable that the penetration exercise be carried out with absolute discretion. For penetration testers, it is crucial that they maintain professionalism in the case that they access personal information, by destroying it or giving it back to the company for destruction (Faily, McAlaney & Iacob, 2015).
Provide a diagram of how you would re-design this business network. Include a description of your drawing
The different PCs represent different workstations throughout the entire company. The existence of more than one switch represents that each department needs its own switch for its workstations. A Wi-Fi router can be used to wirelessly supply an internet connection to devices such as laptops and smartphones within the company facilities.
Propose your final recommendations and reporting. Explain what risks exist and ways to either eliminate or reduce the risk.
Evidently, the present system has several vulnerabilities. Most of the vulnerabilities are easily recognizable and can be addressed by changing the network configuration and obtaining new hardware additions. A number of suggestions that can be recommended for the present system include:
One, redesigning the network configuration to enable each department to connect to the internet through different switches. The new configuration has the added advantage of ensuring that the possibility of hacking and data intrusion is minimized. The possibility of slowing networks is also reduced, and collisions within the system, as well as system failures, are minimized.
Secondly, upgrading the existing operating systems and AD servers, moving from the existing LM-based AD server to NTLM. The upgrade will make the system more secure and less vulnerable to malicious attacks from hackers.
Thirdly, get new workstations for the company employees and systems. The company can improve the workstations’ hardware components as well as obtain software upgrades for the new hardware additions. It is also important to ensure that the workstations’ software is constantly being upgraded and updated with security updates to ensure that malicious spyware and virus attacks cannot affect the system.
It is also important to develop more than one database for the storage of information. Presently, all the company’s data is being stored in the same database. The risk of paralyzing the company operations is higher with this kind of set-up. Getting back-up systems, as well as splitting the database to have several databases for the various departments with a central back-up option, is the best way forward.
Cole, E. (2011). Network security bible (Vol. 768). John Wiley & Sons.
Faily, S., McAlaney, J., & Iacob, C. (2015). Ethical Dilemmas and Dimensions in Penetration Testing.
Harris, S., Harper, A., Ness, J., Williams, T., & Lenkey, G. (2011). Gray Hat Hacking.
Maynor, D. (2011). Metasploit toolkit for penetration testing, exploit development, and vulnerability research. Elsevier.