I offer a range of system and network testing services to verify the security of your IT systems, whether exposed to the Internet or internal. The services detailed below can be applied to any size or kind of business, and I always provide a custom quotation for each task. Contact me to arrange an initial meeting, where we can discuss your requirements in detail, and I will put together a quotation that exactly matches your needs.
Remote Server Testing
Often referred to as Penetration Testing or Vulnerability Assessment, this type of testing involves:
- Scanning of Internet-facing services from a remote location;
- Analysis of discovered services for known vulnerabilities, whether exploitable or not; and
- Production of a report containing findings, assessment of potential impact, and recommendations.
The test can be performed against any server or service exposed to the Internet, which may include:
- Firewalls and other network infrastructure
- Web servers
- Database servers
- Mail servers
In this type of test, the vulnerabilities identified will be purely at the network/service level – no application-level testing will be undertaken (for this, I offer a separate Application Security Testing service). For example, known vulnerabilities in a Web server may be identified, but no attempt to investigate input validation processes (such as search fields, user registration fields, etc.) will be made.
Testing at this level will generally be undertaken as a non-authenticated user (i.e. a ‘blind’ Internet attacker), but depending on the service offering it may be possible to perform some testing against authentication mechanisms.
The ‘generic’ Internet attacker is assumed to have a motive for breaching Confidentiality, Integrity or Availability, and to have the means and opportunity to do so, although the impact of such a breach will vary, depending on the particular service or information under attack.
There are various levels of service I can provide when undertaking remote testing:
- Automated Vulnerability Analysis – I can perform a simple and cost-effective automated remote vulnerability analysis on any Internet-facing server. No validation of results obtained from automated tools will be undertaken, however, and so some ‘false positives’ may be reported; the business context will also not be considered in the assessment of impact for each vulnerability.
- Filtered Vulnerability Analysis – in this test, following the Automated Vulnerability Analysis, I will personally and manually validate the results. In this way, ‘false positives’ are eliminated from the final report, and the impact of the remaining vulnerabilities can be assessed in the business context.
- Remote Infrastructure Audit – this service, which is primarily an information-gathering exercise (no vulnerability analysis takes place), attempts to ‘map’ the Internet-facing infrastructure surrounding any server or service, potentially identifying anomalies in configuration, unidentified hosts within the environment, means by which firewalls could be bypassed, or generally highlighting areas where the infrastructure design could be improved.
Local Server/Service Audit
This type of testing involves:
- Logging in to server(s) or other device(s) within scope;
- Analysis of file system and running services to validate permissions and necessity of services; and
- Production of a report containing findings, assessment of potential impact and recommendations.
Note that this service is again designed to be performed from a remote location, and so a valid server login mechanism (e.g. SSH, Remote Desktop, etc.) must be provided. In order to perform a full audit, a root- or administrator-level account will be necessary, although some results can be achieved as an unprivileged user.
Depending on the sensitivity of the service under review, release of authentication information and provision of remote access may be unacceptable to your organisation – a site visit can certainly be arranged at a mutually-convenient time.
The test can be performed against any server with an Internet-facing management interface, and will review:
- File system permissions;
- Application configuration and execution privileges;
- Software versions and patch levels;
In this type of test, the vulnerabilities identified will be purely at the system/service level – no application-level testing will be undertaken. For example, dangerous permissions in the file system may be identified, but no remote exploitation of those permissions will be attempted.
Testing at this level will necessarily be undertaken as an authenticated user, since it is system configuration under review, rather than an analysis of exploitable vulnerabilities. Operating with root/administrator privileges will provide the most comprehensive results in terms of system configuration, whilst operating as an unprivileged user will identify areas in which such users may breach system security when logged in to the server (privilege escalation).
I can provide different levels of testing when remotely examining system configuration:
- Automated Vulnerability Analysis – I use a combination of Open Source, commercial and in-house software tools to run an automated analysis of a system without installing additional software on the server itself. Such tests can be automated, although as with remote vulnerability analysis, no verification of results will be performed following a simple automated test – findings will simply be reported, and ‘false positives’ may occur.
- Filtered Vulnerability Analysis – following the automated analysis, I will personally and manually validate the results, as well as perform additional audit tasks that can’t be automated. In this case, ‘false positives’ will be eliminated from the final report, and the business context can be considered in assessing the findings.
Additional Technical Security Testing Services
The following are additional types of testing that I can help you with, but the list is not exhaustive – if you’d like more information, or there is a form of technical testing you have in mind that I haven’t covered, please contact me to discuss your specific needs, and I will provide you with a customised quotation that meets your needs.
Internal Network Audit
Many organisations’ networks have ‘evolved’ over time, and with such gradual growth it is common for network administrators to lose track of precisely what is in place and where. This service involves:
- A visit to a client’s site;
- Connection to an appropriate point on the network;
- Remote mapping and scanning to identify all running hosts; and
- If required, automated vulnerability analysis of identified hosts.
The final report will present as accurate a view of the internal network as possible, and highlight any unusual or dangerous hosts or services I discover. If required, this exercise can also be undertaken passively (i.e. without active scanning, just watching the network for active hosts).
Several levels of service can be provided:
- Automated Network Audit & Discovery – a simple automated scan may contain ‘false positives’, but will present a ‘snapshot’ view of a customer’s network at the time of scanning.
- Filtered/Manual Network Audit & Discovery – a more advanced semi-automated/semi-manual scan will eliminate many of the ‘false positives’ and potentially identify hosts and devices not easily located using an automated process.
Public/Private Information – Data Mining
It is often surprising to discover how much information relating to an organisation can be gleaned from public information sources. Whilst it is unusual for sensitive data to be directly available, aggregated information can frequently represent an unacceptable exposure.
I can examine information sources available to a determined external party to assess whether an excessive level of information is available, and make recommendations to reduce an organisation’s exposure.
Wardialling is rarely a requirement during modern security testing, but still represents a valid test. It involves dialling a provided range of telephone numbers in an attempt to obtain a data signal, and then identifying the responding service. It may also be possible to attempt to gain access to the remote system, depending on its nature. In this way, unauthorised dial-up modems and other remote-access services can be identified.
Wardriving is the wireless (WiFi) equivalent of wardialling, and involves locating and testing the security of any wireless networks exposed beyond an organisation’s boundaries.
Tell me how I can help…
Contact me now to arrange a free meeting to discuss your security issues in detail. As always, the first meeting for a new client is free of charge!