Tuesday, April 22, 2014

Scanning Networks - p.1

Scanning a Target Network

Scanning a network refers to a set of procedures for identifying hosts, ports, and services running in a network.

Lab Scenario

Vulnerability scanning determines the possibility of network security attacks. It evaluates the organization’s systems and network for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Vulnerability scanning is a critical component of any penetration testing assignment. You need to conduct penetration testing and list the threats and vulnerabilities found in an organization’s network and perform port scanning, network scanning, and vulnerability scanning to identify IP/hostname, live hosts, and vulnerabilities.

Lab Objectives

The objective of this lab is to help students in conducting network scanning, analyzing the network vulnerabilities, and maintaining a secure network.
You need to perform a network scan to:
■ Check live systems and open ports
■ Perform banner grabbing and OS fingerprinting
■ Identify network vulnerabilities
■ Draw network diagrams of vulnerable hosts

Lab Environment

In the lab, you need:
■ A computer running Windows Server 2012, Windows Server 2008, Windows 8 or Windows 7 with Internet access
■ A web browser
■ Administrative privileges to run tools and perform scans

Lab Duration

Time: 50 Minutes

Overview of Scanning Networks

Building on what we learned from our information gathering and threat modeling, we can now begin to actively query our victims for vulnerabilities that may lead to a compromise. We have narrowed down our attack surface considerably since we first began the penetration test with everything potentially in scope.

Note that not all vulnerabilities will result in a system compromise. When searching for known vulnerabilities you will find more issues that disclose sensitive information or cause a denial of service condition than vulnerabilities that lead to remote code execution. These may still turn out to be very interesting on a penetration test. In fact, even a seemingly harmless misconfiguration can be the turning point in a penetration test that gives up the keys to the kingdom. For example, consider FTP anonymous read access. This is a fairly normal setting. Though FTP is an insecure protocol and we should generally steer our clients towards using more secure options like SFTP, using FTP with anonymous read access does not by itself lead to a compromise. If you encounter an FTP server that allows anonymous read access, but read access is restricted to an FTP directory that does not contain any files that would be interesting to an attacker, then the risk associated with the anonymous read option is minimal. On the other hand, if you are able to read the entire file system using the anonymous FTP account, or possibly even worse, someone has mistakenly left the customer's trade secrets in the FTP directory that is readable to the anonymous user, this configuration is a critical issue. Vulnerability scanners do have their uses in a penetration test, and it is certainly useful to know your way around a few of them. As we will see in this module, using a vulnerability scanner can help a penetration tester quickly gain a good deal of potentially interesting information about an environment.
In this module we will look at several forms of vulnerability assessment. We will study some commonly used scanning tools.
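The anonymous FTP case above comes down to what the anonymous account can actually read. The following is an added example, not part of the original lab text: a small audit helper for an FTP server you administer. The directory and file-name heuristics, the function names and the sample listings are assumptions made for illustration, and it assumes the server answers NLST with absolute or directory-relative names.

```python
import ftplib
import posixpath
import re

# Assumed heuristics (not from the page): top-level names that suggest the
# anonymous root is the whole file system, and patterns for sensitive files.
SYSTEM_DIRS = {"etc", "root", "home", "var", "boot", "windows", "users"}
SENSITIVE = re.compile(
    r"\.(key|pem|pfx|kdbx|bak|sql|conf)$|passw|shadow|secret|confidential|id_rsa",
    re.IGNORECASE)

def rate_exposure(paths):
    """Rate what the anonymous account can read as 'minimal' or 'critical'."""
    top_level = {p.strip("/").split("/")[0].lower() for p in paths if p.strip("/")}
    findings = []
    if len(top_level & SYSTEM_DIRS) >= 2:
        findings.append("anonymous root looks like the entire file system")
    findings += [f"sensitive file readable: {p}" for p in paths if SENSITIVE.search(p)]
    return ("critical" if findings else "minimal"), findings

def list_anonymous(host, max_depth=2, timeout=10):
    """Walk an FTP server you administer as 'anonymous' and return the readable
    paths, or None when the server refuses anonymous login."""
    ftp = ftplib.FTP(host, timeout=timeout)
    try:
        ftp.login()  # ftplib logs in as 'anonymous' when no user is given
    except ftplib.error_perm:
        ftp.close()
        return None
    seen, queue = set(), [("/", 0)]
    with ftp:
        while queue:
            directory, depth = queue.pop()
            try:
                names = ftp.nlst(directory)
            except ftplib.error_perm:
                continue  # not a directory, empty, or not readable
            for name in names:
                path = posixpath.join(directory, name)  # absolute names win
                if path not in seen:
                    seen.add(path)
                    if depth < max_depth:
                        queue.append((path, depth + 1))
    return sorted(seen)

# Constructed sample listings for the cases the text contrasts.
BENIGN = ["/pub/README.txt", "/pub/drivers/printer-v2.zip"]
WHOLE_FS = ["/etc/hosts", "/home/alice/notes.txt", "/var/log/messages"]
LEAKED = ["/pub/README.txt", "/pub/upload/Q3-pricing-CONFIDENTIAL.xlsx"]
```

On a live server, pass the result of `list_anonymous(host)` to `rate_exposure`; a return value of `None` means anonymous login is already disabled.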

Lab Tasks

Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.
Recommended labs to assist you in scanning networks:

■ Scanning System and Network Resources Using Advanced IP Scanner
■ Banner Grabbing to Determine a Remote Target System Using ID Serve
■ Fingerprint Open Ports for Running Applications Using the Amap Tool
■ Monitor TCP/IP Connections Using the CurrPorts Tool
■ Scan a Network for Vulnerabilities Using GFI LanGuard 2012
■ Explore and Audit a Network Using Nmap
■ Scanning a Network Using the NetScan Tools Pro
■ Drawing Network Diagrams Using LANSurveyor
■ Mapping a Network Using the Friendly Pinger
■ Scanning a Network Using the Nessus Tool
■ Auditing Scanning by Using Global Network Inventory
■ Anonymous Browsing Using Proxy Switcher
■ Daisy Chaining Using Proxy Workbench
■ HTTP Tunneling Using HTTPort
■ Basic Network Troubleshooting Using the MegaPing
■ Detect, Delete and Block Google Cookies Using G-Zapper
■ Scanning the Network Using the Colasoft Packet Builder
■ Scanning Devices in a Network Using The Dude

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure through public and free information.






















