Identify Network Security Weaknesses
Network security - and network penetration testing by extension - evolves as quickly as the technology it’s built. So far penetration testing services that go beyond a simple vulnerability scanner, you need experts in the industry. Core Security Labs’ approach to network pen-testing goes above and beyond standard vulnerability analysis. With decades of combined security experience, our assessment team identifies, exploits, and documents even the most subtle of network vulnerabilities.
Why Do You Need a Network Penetration Test?
A network penetration test provides your organization with a unique birds-eye view of your security system’s effectiveness. For, example newer companies may not yet have a handle on their network security. Conversely, more mature companies often have large, multi-faceted networks that are easily overlooked elements-particularly as more organizations move to cloud-based systems. Unfortunately, both of these scenarios leave the potential for catastrophic breaches.
In either case, you will be made aware of security flaws before attackers can exploit them. With this powerful foresight, business leaders will feel prepared to make informed decisions about their enterprise’s security. In addition, demonstrating your newly hardened security posture, your clients, partners, and investors will feel confident in your ability to protect their assets, as well.
Manual vs. Automated Network Testing
The trouble with using automated scanners is best described with the words of Mark Twain: “Knowledge without experience is just information. These scanners often miss subtle security risks-it takes an experienced individual to understand the application context and how logic could be abused. Many vulnerabilities are not found in these automated vulnerability scanners.
Core Labs’ expert security engineers often employ the help of vulnerability scanners in the preliminary stages of an assessment, though it is only the beginning. We can be more relevant to your clientele and individual security needs with a granular understanding of the application and its context.
External Network Assessment
Your perimeter network is attacked every day, and even minor external vulnerabilities can be damaging. External network penetration testing identifies vulnerabilities on infrastructure devices and servers accessible from the internet.
External penetration testing assesses the security posture of the routers, firewalls, Intrusion Detection Systems (IDS), and other security appliances which filter malicious traffic from the internet.
Internal Network Assessment
Core engineers approach the local area network as an attacker on the inside. First, we look for privileged company information and other sensitive assets. This involves incorporating various tools, uncovering user credentials, and attempting to compromise both virtual and physical machines present in the network environment.
The benefit of this engagement is in ensuring a breach of your external network will not result in a violation of your assets.
Wireless Network Pen-testing
Wireless (WiFi) networks may be susceptible to attacks of all kinds, depending on the wireless clients, access points, and wireless configurations. New exploitation against WiFi networks is being developed every day, such as the recent KRACK vulnerability, which allowed malicious actors to break the encryption protocol between most routers and connected devices.
WiFi is a hotly pursued target, as a compromise of the wireless network is generally the fastest means to the internal network. Poor configuration and weak protections could leave your internal information exposed to anyone in range with a laptop or smartphone. As such, Core tests the scope of the target network and its exposure to potential attacks. Our testers test for ‘Wireless Bleeding,’ where we identify the distance a potential attacker can pick up your wireless signal.
Our Network Pen-test Methodology
Core Labs excels at operating under a structured, repeatable methodology. We stress this concept in every engagement to ensure our findings are reliable, reproducible, and of excellent quality. As such, our vulnerability assessments can always be verified by your team, both before and after remediation. To get these results, we adhere to the following steps:
Effective communication with the client organization is emphasized here to create an operating environment comfortable for both parties. During this phase, we accomplish all of the following:
Outline which assets of the organization are open to being scanned and tested.
Discuss exclusions from the assessment, such as specific IP addresses or services.
Core Labs’ pen-tester collects as much information as possible on the target, employing many OSINT (Open Source Intelligence) tools and techniques. The gathered data help us understand the organization's operating conditions, which allows us to assess risk accurately as the engagement progresses.
Targeted intelligence might include:
- External network IP Addresses and Hosting Providers
- Known credential leaks
- Domains in use by the organization
- Misconfigured web-servers and leaked data
- IoT systems in use by the organization
Enumeration and Vulnerability Scanning
In this phase, we utilize various automated tools and scripts, among other methods of advanced information gathering. We also take the time to examine all possible attack vectors closely. In the next stage, this gathering and planning will be the basis for our exploitation attempts.
- Enumerating sub-domains and directories
- Open ports or services
- Checking possible misconfigurations against cloud services
- Correlating publicly and proprietary vulnerabilities with applications on the network
Attack and Penetration
After careful preparation, the focus turns to exploiting the discovered network vulnerabilities. Core engineers begin working to prove the existence of conceptual attack vectors while preserving the integrity of the network. At this point in the engagement, we start the following tasks:
- Compromising sandboxes and test environments
- Using breached credentials or brute force to access privileged information
- Combining attack vectors to pivot across the network or escalate our position in it
Reporting and Documentation
Reporting is critical to the success of the assessment, as it provides lasting documentation to share with management and vendors. Each report is customized to the specific scope of the assessment and risk based on the individual organization. As a result, the reports are intuitive to read but thorough in the findings. In addition, each vulnerability includes a detailed remediation strategy. Some of the elements that you will find in our reports include:
- An executive summary for the strategic direction
- A walk-through of technical risks
- Multiple options for vulnerability remediation
- The potential impact of each vulnerability