It has come to our notice that the safety of our organization has been compromised. The IT security department discovered that our system has been hacked. This puts the agency, and the matters that it treats as confidential, at stake. Anyone can easily access the organization's information and put it in the public domain, which would expose the agency to massive danger. The system might have been hacked through leakages in our network ports or some other network weaknesses. Without speculating further, our network security department is in the process of ensuring that this leakage is sealed.
It would have been more appropriate to outsource this work to a security consulting firm, because such firms have adequate tools and teams with enough experience in matters of network security. Nevertheless, the department is moving in to conduct a preliminary penetration test to determine the main cause of this leakage (Tipton & Krause, 2007).
To combat this problem, the department will need to purchase tools that are currently not available within our organization. These tools will be put to use under the care of the department. Our network security department kindly requests that management approve the purchase of the tools. Ideally, this should be done as fast as possible, before the situation gets worse. Implementation will need the support of the agency's management. Below are the tools that we will need to purchase for this project. It is important to note that the tools to be purchased fall under the classifications below. There are several types of each, and our team will carefully select which to purchase depending on our system requirements. Our main objective is to provide security assurance for our network system.
Tools and Description
A port scanning tool is used to collect information on the system being tested at a given location on the local network. In particular, port scanners are used to determine which online services can be detected and are available for connection on every targeted host. They do their work by probing all the identified network ports on the target system. The majority of port scanners can scan both TCP and UDP ports. Many port scanners can also target a particular list of ports and can be configured for the speed and the sequence in which they scan ports. Most port scanners are able to perform a variety of port probes. These include the full SYN, SYN-ACK, ACK TCP sequence and half scans.
Another attribute of a port scanner is the ability to deduce the type of the operating system, and often its version number, by closely observing the behavior the system exhibits when it is probed with different TCP flag settings. This is possible because many TCP/IP implementations differ in the responses they give to such probes, and these responses are not specifically addressed by the Internet conventions. The port scanner needs to be flexible to configure so that the tester can be adequately agile while testing various port configurations and, moreover, while trying to hide from different methods of intrusion detection.
This could be particularly important for testing production or near-production network environments. Its usefulness is limited to the purposes that have been pointed out here.
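The paragraphs above note that a scanner's speed and port sequence can be configured, partly with intrusion detection in mind. The following added example (not part of the original report) shows the defender's side: it counts the distinct destination ports each source touches within a time window and compares a short window with a long one. The log format, the 192.0.2.x addresses and the thresholds are assumptions constructed for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def fmt(ts, src, port):
    # Assumed log format: "<ISO time> SRC=<ip> DST=<ip> DPT=<port> FLAGS=SYN"
    return f"{ts.isoformat()} SRC={src} DST=192.0.2.20 DPT={port} FLAGS=SYN"


def build_sample_log():
    """Constructed sample lines: a fast sweep, a slow sweep, a normal client."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(20):
        lines.append(fmt(t0 + timedelta(seconds=i), "192.0.2.5", 20 + i))      # 1 port per second
        lines.append(fmt(t0 + timedelta(minutes=5 * i), "192.0.2.9", 20 + i))  # 1 port per 5 minutes
        lines.append(fmt(t0 + timedelta(seconds=30 * i), "192.0.2.7", 443))    # same port every time
    return lines


def parse(line):
    """Return (timestamp, source address, destination port) for one log line."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["SRC"], int(kv["DPT"])


def detect_scanners(lines, window, min_ports):
    """Return sources that touched at least min_ports distinct ports within window."""
    events = defaultdict(list)
    for ts, src, port in sorted(map(parse, lines)):
        events[src].append((ts, port))
    flagged = set()
    for src, evs in events.items():
        start = 0
        for end in range(len(evs)):
            # Slide the left edge forward until the span fits inside the window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({p for _, p in evs[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged


if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window:", sorted(detect_scanners(log, timedelta(seconds=60), 10)))
    print("2 h window: ", sorted(detect_scanners(log, timedelta(hours=2), 10)))
```

With the 60-second window only the fast sweep is flagged; the slow sweep appears once the window is widened to two hours, while the client that keeps using one port is never flagged.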
The basic difference between a vulnerability scanner and a port scanner is that the former tries to exercise known vulnerabilities on the targeted system, while a port scanner produces a record of existing services. Nevertheless, the distinction between the two is often very slim. Besides that, a good vulnerability scanner is a good penetration testing tool. It provides an efficient means of probing each network service on a host. Moreover, it works from a special database of known defects, and it exercises each of these defects on every service that can be accessed in the range of systems in question. This allows it to search exhaustively and quickly for configuration weaknesses in the target system, as well as in the network server software.
Common vulnerability scanners are used specifically to scan the targeted operating system, components of the network infrastructure and other TCP/IP devices on a network for operating-system-level weaknesses. They do not have the ability to probe general-purpose applications, because they lack a knowledge base of how an unknown application operates.
Some scanners can try to take advantage of network trust by repeatedly scanning the target network from every host that can be compromised. This capability is best used for a CIO audience, since it allows the testing team to describe how an attacker can enter a corporate network. It is not that important in the testing process itself, but it is useful for explaining how a weakness can grow into a large-scale compromise. Host-based vulnerability scanners are also available, both commercially and from the community. They scan the operating system of a host for known weaknesses, unpatched software and configuration problems, such as file access control and user permission defects.
Although they do not analyze the application software itself, they can also be used to discover mistakes made in access control, in configuration and in related attributes. They are therefore useful in development-driven penetration tests for spotting human errors in configurations.
Although network-based and host-based vulnerability scanners are not so important in application-level penetration testing, they are very important and are used in penetration tests. A popular vulnerability scanner is Nessus. Popular industrial vulnerability scanners include Core Impact and QualysGuard (Snedaker & McCrie, 2007).
Application scanners came about by taking the vulnerability scanner a step forward. The aim was to probe common web-based applications by employing a number of known common attacks against each application and every page of each application. Most application scanners can observe the normal functional behavior of an application and then try a series of attacks on it. Examples of the attacks employed are buffer overruns, SQL insertion, cookie manipulation and cross-site scripting. These tools test for only a small set of attacks.
The most common application scanners include Watchfire's AppScan and SPI Dynamics.
Generally, penetration testing has two primary intentions. The first is the detection of unpatched or improperly configured systems in an existing network environment. The second is the testing of newly designed application environments before they are put into production.
Limitations of These Tools
Sometimes, port scanners cannot detect open ports and instead consider them filtered. The problem here is that angry scanners do not wait long enough for a response to arrive from the host. On Windows, the problem can be caused by TCP rate limiting. TCP scanners do not work on Windows because of a limitation imposed by the operating system.
Vulnerability scanners do not have the ability to probe general-purpose applications, because they lack a knowledge base of how an application they are not familiar with operates. False positives normally occur in vulnerability scanning. Vulnerability scanning is time and resource consuming and consequently causes large expenses for an organization. There are instances of degradation during the penetration process. Equipment might fail during the penetration test period if vulnerability testing is used (Schifreen, 2006).
Application scanners test only for small and simple attack profiles. Passing all of their tests might therefore create a misplaced sense of security. There are various versions of these tools that can be usefully employed to check for and mitigate any possible vulnerability in the system. Any concern about the limitations of these tools will be addressed by choosing the right tools.
How the Tools are Used
Penetration tools are incorporated into the network system to analyze it for any possible vulnerability. This analysis is undertaken from the position of a possible intruder and involves rigorous exploitation of security vulnerabilities. The security issues discovered are presented to the owner of the system. When the penetration test is done effectively, it is followed by an accurate assessment of the potential effects on the organization. This is coupled with measures that can be applied to counter those effects or to prevent any other possible attacks.