Why are Pentests important for network security?
While many organizations have vulnerability assessment tools in place to identify weaknesses in the network and keep on top of security, penetration testing (or pen testing) provides a nuts and bolts approach to cybersecurity.
Carried out by a skilled Penetration Tester, or Pen Tester - sometimes known as an ethical hacker or network security consultant - pen-testing ensures you are made aware of any weaknesses in your cybersecurity (both digital and physical) that criminals might try to exploit. As cybercriminals are discovering new vulnerabilities and weaknesses every day, regular pen testing is, therefore, an essential component of ensuring your organization is equipped with the information it needs to protect itself.
What is a pen test?
Pen testing typically comprises a range of audits, checks and tests to evaluate the security of IT infrastructure by safely trying to exploit vulnerabilities in your operating systems, applications, and device configurations. Pen tests can also help you detect risky end-user behaviour that needs to be addressed through cyber safety training.
Your chosen Pen Tester is likely to use a range of software and hardware to carry out a series of automated checks as well as expert manual tests, before preparing a detailed report of your organization’s security posture, along with any recommendations about improvements that should be implemented.
This process can take anywhere between one to four weeks to carry out, depending on the nature of your requirements. Costs can vary greatly (an average auditor rate is $200 per hour) depending on the complexity of your networks, the scope of the pen test, and the types of tools the Pen Tester needs to use in order to carry out their work. However, a good pen tester or company providing this service will scope out the parameters with you to determine what type of penetration testing is required, before undertaking any work.
What types of penetration testing are there?
There are a raft of different types of pen test available, which vary in their suitability depending on the size and nature of the business in question. However, carrying out a combination of those appropriate to your organization is a good idea as it highlights how secure each area of your network is and how easy it would be for someone to compromise it. The main types of penetration tests include; Network, Wireless, Cloud, Social Engineering and Physical testing.
• Networking pentesting is one of the most common pen tests. It identifies vulnerabilities within both your external and internal infrastructure. Testing usually includes; bypassing firewalls, router testing, IPS/IDS evasion, DNS footprinting, open port scanning and testing, SSH attacks, proxy servers etc.
• Wireless pentesting checks wireless devices within an organization such as tablets, smart phones and laptops. It typically includes; wireless encryption protocols, network traffic, unauthorized access points and hotspots, MAC address spoofing, SQL injections, DoS attacks, cross-site scripting, and password security checks
• Cloud penetration tests have become increasingly popular, with more and more data stored in the cloud, it’s become a key target for hackers. Common areas for cloud testing include; database and storage access, applications and API access, encryption, SSH & RDP remote administration, and poorly used firewalls and passwords
• Social Engineering tests centre around attempts to dupe employees into providing sensitive company information. Testing can include; phishing attacks, imposters (pretending to be fellow employers or suppliers), tailgating, name dropping, pre-texting, gifts, dumpster diving (online trash), bluesnarfing (Bluetooth), and eavesdropping (theft during transmission)
• Physical pentesting might not be obvious at first, but physical security systems shouldn’t be overlooked. These could include; RFID and door entry systems, personnel or vendor impersonation, and motion sensors etc.
Many of these tests can be automated using specialist software and/or hardware that provide evaluation reports, which your Pen Tester will interpret for your organization according to your risk profile.
What are the top ten types of tools Pen Testers have in their toolkit?
1. Configuration Auditing and Analysis Tools – this software is specifically designed to analyse the running configuration of the client’s device (endpoint or core network) and compare it to the ‘secure configuration’, as specified by the development case, vulnerability database, and/or relevant risk management framework. Some configuration analysis tools also provide technical fixes for any misconfigurations or vulnerabilities detected during the audit.
2. Vulnerability Scanners – scanning networks, ports, web servers and applications, vulnerability scanners simulate ‘external’ attacks on devices to extrapolate possible weaknesses to predict the client organization’s exposure. Some scanners also run ‘internal’ vulnerability scans in the same way, identifying flaws that hackers could exploit to move laterally to different systems in the organization.
3. Browser Exploitation Tools – searching for weaknesses beyond the hardened network perimeter and client system, these tools examine exploitability of the web browsers that the organization uses, to identify ways in which directed command modules via browsers could be used to attack internal systems.
4. Web Application Assessment Security Tools - using manual and automated security testing techniques, these tools test and analyze the security level and/or posture of Web applications used by the client’s organization.
5. Source Code Vulnerability Auditing Tools – also known as SAST tools, this software is designed to analyze source code or compiled versions of code to help find security flaws. This type of auditing is particularly useful for software developers during the development phase itself, providing immediate feedback on any security issues that might have been introduced into the code.
6. Network Protocol Analyzers – capturing network traffic data, this software performs analysis to check adherence to the set of rules determining the transmission of data between devices in the same network, in order to identify problems and/or potential malicious activity. Some protocol analyzers can also be used to monitor real time network threats.
7. Intrusion Detection Tools – also known simply as Intruder Tools, there are two main types of detection software - host-based (HIDS) and network-based (NIDS). The software detects anomalous activity and reports it for analysis so that the user can assess the risk to the organization and determine who has attacked the system.
8. Encryption and Wi-Fi Cracking Tools – also known as password cracking software, these tools automate the process of guessing or recovering passwords from stored locations or from data transmissions systems and via Wi-Fi facilities. Some tools are specifically designed to crack encryption on Windows devices, whilst others can be used on and for other operating systems.
9. SQL Injection Tools – SQL injection (SQLi) is a common form of attack against web applications used to gain control of the application by tricking it into sending unexpected SQL commands that enable the user to read sensitive stored data like database information and authentication credentials. Pen Testers use these tools to determine how securely sensitive databases are controlled.
10. Human Element Tools – testing the ‘human element’ of the client’s cybersecurity posture requires the human expertise of the Pen Tester, however, human element tools are useful for recording, monitoring and reporting on any issues found. This software also enables Pen Testers to record vulnerabilities manually discovered in design and business logic as well as any other complex risks discovered during the pen test.
Titania Nipper has long been a tool of choice for Pen Testers, for automating the granular, line-by-line ‘configuration analysis’ part of their client audits. Nipper accurately detects misconfigurations and vulnerabilities in the running configuration of a wide range of firewalls, switches and routers - saving Pen Testers up to 3 hours per device, per audit. Licensing flexibility gives Pen Testers a cost-effective, time-saving way to check core network devices for known vulnerabilities and assess compliance with key risk management frameworks.