Network Security Testing Techniques - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security Testing Techniques

Description:

... for Penetration Testing. Network ... Penetration Testing ... Points of contact for the penetration testing team, the targeted systems, and the networks ... – PowerPoint PPT presentation

Number of Views:729
Avg rating:3.0/5.0
Slides: 19
Provided by: present260
Learn more at: http://www.cs.umd.edu
Category:

less

Transcript and Presenter's Notes

Title: Network Security Testing Techniques


1
Network Security Testing Techniques
  • Presented By-
  • Sachin Vador

2
System Development Life Cycle
3
System Development Life Cycle
  • 1. Initiation the system is described in terms
    of its purpose, mission, and configuration.
  • 2. Development and Acquisition the system is
    possibly contracted and constructed according to
    documented procedures and requirements.
  • 3. Implementation and Installation the system
    is installed and integrated with other
    applications, usually on a network.
  • 4. Operational and Maintenance the system is
    operated and maintained according to its mission
    requirements.
  • 5. Disposal the systems lifecycle is complete
    and it is deactivated and removed from the
    network and active use.

4
When is the Network Security Testing done?
  • It is done after system has been developed,
    installed and integrated during Implementation
    and Operational stages.

5
Tools and Techniques for Network Security
  • Network Scanning
  • Vulnerability Scanning
  • Password Cracking
  • Log Reviews
  • War Dialing
  • Wireless LAN Testing (War Driving)
  • Penetration Testing

6
Network Scanning
  • Scan for connected hosts
  • Scan for services running on the host
  • Scan for which applications are running those
    services
  • How Scanning takes place?
  • Ping the hosts using ICMP ECHO and Reply. Look
    for open TCP/UDP ports.
  • Operating system fingerprinting.
  • Not reliable as firewalls can be configured to
    camouflage the operating system.

7
Network Scanning
  • Vulnerabilities of IIS different from Apache.
  • Listen on the remote port.
  • Banner Grabbing.
  • Need human to interpret the results.
  • Preparation for Penetration Testing.

8
Network Scanning Results
  • Investigate and disconnect unauthorized hosts
  • Disable or remove unnecessary and vulnerable
    services
  • Modify vulnerable hosts to restrict access to
    vulnerable services to a limited number of
    required hosts (e.g., host level firewall or TCP
    wrappers), and
  • Modify enterprise firewalls to restrict outside
    access to known vulnerable services.

9
Vulnerability Scanning
  • Takes Network Scanning 1 step ahead.
  • Maintains database of vulnerabilities in
    operating systems.
  • They generate more traffic that port scanners.
  • Network based Scanners.
  • Host based Scanners.

10
Log Reviews
  • Dynamic picture of system activities.
  • Conformance with the security policies.
  • IDS sensors placed behind firewall.
  • Change Firewall Policies.

11
War Dialing
  • Unauthorized modems.
  • Dialing software can dial hundreds of numbers in
    short time
  • Block the inbound calls to the identified number
    if it is not possible to remove them

12
War Driving
  • Wireless Default Configuration is insecure.
  • Drive Test
  • Just need wireless network card and testing tools
  • Frequency of testing

13
Penetration Testing
  • It is a method of getting into the system by
    using the techniques used by the attacker.
  • Specific IP addresses/ranges to be tested
  • Any restricted hosts (i.e., hosts, systems,
    subnets, not to be tested)
  • A list of acceptable testing techniques (e.g.
    social engineering, DoS, etc.) and tools
    (password crackers, network sniffers, etc.)
  • Times when testing is to be conducted (e.g.,
    during business hours, after business hours,
    etc.)
  • Identification of a finite period for testing
  • IP addresses of the machines from which
    penetration testing will be conducted so that
    administrators can differentiate the legitimate
    penetration testing attacks from actual malicious
    attacks
  • Points of contact for the penetration testing
    team, the targeted systems, and the networks
  • Measures to prevent law enforcement being called
    with false alarms (created by the testing)
  • Handling of information collected by penetration
    testing team.

14
Penetration Testing
  • Blue Teaming
  • Red Teaming

15
Phases of Penetration Testing
16
Phases of Penetration Testing
  • Planning Phase
  • Goals are set. Permission is taken. No
    testing.
  • Discovery Phase
  • Testing starts. Port scanning is used to
    identify the vulnerabilities.
  • Executing the attack
  • Exploit the vulnerabilities.

17
Conclusion
  • Acceptable use guidelines (e.g., what is
    acceptable use of organization computing and
    network resources)
  • Roles and responsibilities (for users,
    administrators, management)
  • Authentication (e.g., passwords, biometrics)
  • Availability of resources (redundancy, recovery,
    backups)
  • Compliance (infractions, consequences and
    penalties).

18
Questions ?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Network Security Testing Techniques" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!