This chapter discusses at a high level the rationale behind Internet-based network security assessment and penetration testing. To retain complete control over your networks and data, you must take a proactive approach to security, an approach that starts with assessment to identify and categorize your risks. Network security assessment is an integral part of any security life cycle.

From a commercial standpoint, assurance of network security is a business enabler. As a security consultant at the time of writing, I am helping a particular client in the retail sector to deploy and secure an 802.11b wireless network for use in nearly 200 stores across the United Kingdom. This wireless network has been designed in a security-conscious manner, allowing the retailer to embrace wireless technologies to improve efficiency and the quality of their service.

Shortcomings in network security and user adherence to security policy often allow Internet-based attackers to locate and compromise networks. High-profile examples of companies who have fallen victim to such determined Internet-based attackers over the last four years include:

• RSA Security (http://www.2600.com/hacked_pages/2000/02/www.rsa.com/)

• OpenBSD (http://lists.jammed.com/incidents/2002/08/0000.html)

• NASDAQ (http://www.wired.com/news/politics/
  0,1283,21762,00.html)

• Playboy Enterprises (http://www.vnunet.com/News/1127004)

• Cryptologic (http://lists.jammed.com/ISN/2001/09/0042.html)

These compromises have come about in similar ways, involving large losses in some cases. Cryptologic is an online casino gaming provider that lost $1.9 million in a matter of hours to determined attackers. In the majority of high profile incidents, the attackers used a selection of the following techniques:

• Compromising a poorly configured or protected peripheral system that is related to the target network space or host using publicly available exploits, such as scripts available from Packet Storm (http://www.packetstormsecurity.org) and other archives

• Directly compromising key network components using private exploit tools, such as scripts that the attacker or his hacking group have developed for their own personal use

• Compromising traffic and circumventing security mechanisms using ARP redirection and network sniffing

• Compromising user account passwords and using those passwords to compromise other hosts where the user may have an active account

• Abusing blatant system or network configuration issues, reading sensitive information from publicly accessible web folders, or bypassing poor firewall rules that open up the network to attack

To protect networks and data from determined attack, you need assurance and understanding of the technical security of the network, along with adherence to security policy and incident response procedures. In this book, I discuss assessment of technical security and improving the integrity and resilience of IP networks. Taking heed of the advice presented here and acting in a proactive fashion ensures a decent level of network security.