NETWORK SECURITY

What is Network Security?

A network security assessment is a type of audit that is designed to detect vulnerabilities in an organizational network. An improperly configured network can be compromised, resulting in harm to business operations and leaks of sensitive information. Network security should be a top priority for all organizations and encompass internal, external and social vulnerabilities.

Vulnerability Assessment

  • This type of approach is majorly concentrated on automated scanning.
  • The purpose of this audit is to look at the security of your network from outside and/or inside of the network.
  • It then will produce reports based on the weaknesses of parts of the network and the network as a whole.
  • VA security assessment repot will highlight areas of risk and will advise what changes need to be made.
  • VA Scan which might create a disruption in business continuity will always be avoided during working hours.

Penetration Testing

  • This type of approach covers vulnerability assessment as well as manual effort of penetration tester.
  • The purpose of this audit is focused on comptonization of targeted system
  • After mapping the infrastructure externally and/or internally pen tester start chaining the vulnerabilities to get Remote Code Execution.
  • Pen Tester will always use safe exploits for this purpose.
  • Exploit which create a disruption in business continuity will always be avoided.
  • This is more time consuming compared to the basic vulnerability assessment, but it will test the true strength of your network security and may uncover weaknesses that were not previously visible.

Methodology

  • Pre-Engagement

    In this section we will discuss about timelines, scoping, location, time of the day to test and other such requirement to start the assessment

  • Intelligence Gathering

    In this section we will perform active and passive information gathering. This will depend on the type of engagement, if it is External/Internal

  • Vulnerability Analysis

    Vulnerability testing is the process of discovering flaws in systems and applications which can be leveraged by an attacker. These flaws can range anywhere from host and service misconfiguration, or insecure network design.

  • Exploitation

    The exploitation phase belongs to penetration test which focuses solely on establishing access to a system or resource by bypassing security restrictions.

  • Report

    Provide recommendation and conduct debrief of identified vulnerabilities

  • Revalidation

    Once the reported vulnerabilities are addressed, we will conduct another round of testing to confirm the fixes of identified issues.

Frameworks

null

OSSTMM

Open Source Security Testing Methodology Manual (OSSTMM)
null

NIST

The National Institute of Standards and Technology
null

PTES

Penetration Testing Methodologies and Standards

Benefits For Your Business

  • Identify known security exposures before attackers find them.
  • Identify if a combination of lower-risk vulnerabilities could be exploited in a particular sequence to create a high-risk weakness
  • Identify weaknesses that are difficult or impossible to detect with a network vulnerability scanning software
  • Audit and measure the size of potential impacts of successful attacks from external and/or internal side of the organization
  • Define the level of risk that exists on the network.
  • Provide evidence to support increased investments IT or network security