If you want to run a business with a website, security must be high on your list of important matters to get right up front. In this article, you will learn about Internet-based network security assessment and penetration testing, which can help you determine your website's risk of being successfully attacked -- and what to do to fix any problems. It is taken from chapter one of the book Network Security Assessment by Chris McNab (O'Reilly, 2004; ISBN: 059600611X).
Most security providers (both service and product companies) offer a number of assessment services branded in a variety of ways. Figure 1-1 shows the key service offerings along with the depth of assessment and relative cost. Each service type can provide varying degrees of security assurance.
Vulnerability scanning uses automated systems (such as ISS Internet Scanner, Qualys-Guard, or eEye Retina) with minimal hands-on qualification and assessment of vulnerabilities. This is an inexpensive way to ensure that no obvious vulnerabilities exist, but it doesn’t provide a clear strategy to improve security.
Figure 1-1.Different security testing services
Network security assessment lies neatly between vulnerability assessment and full-blown penetration testing; it offers an effective blend of tools and hands-on vulnerability testing and qualification by trained analysts. The report is usually hand-written, giving professional advice that can improve a company’s security.
Full-blown penetration testing is outside the scope of this book; it involves multiple attack vectors (e.g., telephone war dialing, social engineering, wireless testing, etc.) to compromise the target environment. Instead this book fully demonstrates and discusses the methodologies adopted by determined Internet-based attackers to compromise IP networks remotely, which in turn will allow you to improve IP network security.
Network Security Assessment Methodology
The best practice assessment methodology used by determined attackers and network security consultants involves four distinct high-level components:
Network enumeration to identify IP networks and hosts of interest
Bulk network scanning and probing to identify potentially vulnerable hosts
Investigation of vulnerabilities and further network probing by hand
Exploitation of vulnerabilities and circumvention of security mechanisms
This complete methodology is relevant to Internet-based networks being tested in a blind fashion with limited target information (such as a single DNS domain name). If a consultant is enlisted to assess a specific block of IP space, he skips initial network enumeration and commences bulk network scanning and investigation of vulnerabilities.