If you want to run a business with a website, security must be high on your list of important matters to get right up front. In this article, you will learn about Internet-based network security assessment and penetration testing, which can help you determine your website's risk of being successfully attacked -- and what to do to fix any problems. It is taken from chapter one of the book Network Security Assessment by Chris McNab (O'Reilly, 2004; ISBN: 059600611X).
New vulnerabilities in network services are disclosed daily to the security community and underground alike, through Internet mailing lists and public forums including Internet Relay Chat (IRC). Proof-of-concept tools are often published for use by security consultants, whereas full-blown exploits are increasingly retained by hackers and not publicly disclosed in this fashion.
Here are five web sites that are extremely useful for investigating potential vulnerabilities within network services:
SecurityFocus hosts many useful mailing lists including BugTraq, Vuln-Dev, and Pen-Test. These can be subscribed to by email, and archived posts can be browsed through the web site. Due to the sheer number of posts through these lists, I personally browse the mailing-list archives only every couple of days.
Packet Storm actively archives underground exploit scripts, code, and other files. If you are in search of the latest public tools to compromise vulnerable services, Packet Storm is a good place to start. Often, SecurityFocus provides only proof-of-concept or old exploit scripts that arenít effective in some cases.
Lately, Packet Storm has not been updated as much as it could be, so I increasingly browse databases such as the MITRE Corporation Common Vulnerabilities and Exposures (CVE), ISS X-Force, and CERT vulnerability notes lists. These lists allow for effective collation and research of all publicly known vulnerabilities so that exploit scripts can be located or built from scratch.
Investigation at this stage may also mean further qualification of vulnerabilities. Often it is the case that bulk network scanning doesnít give detailed insight into service configuration and certain enabled options, so a degree of manual testing against key hosts is often carried out within this investigation phase.
Key pieces of information that are gathered through investigation include technical details of potential vulnerabilities along with tools and scripts to qualify and exploit the vulnerabilities present.
Exploitation of Vulnerabilities
Upon qualifying potential vulnerabilities in accessible network services to a degree that itís probable that exploit scripts and tools will work correctly, attacking and exploiting the host is the next step. Thereís not really a lot to say about exploitation at a high level, except that by exploiting a vulnerability in a network service and gaining unauthorized access to a host, an attacker breaks computer misuse laws in most countries (including the United Kingdom, United States, and many others). Depending on the goal of the attacker, she can pursue many different routes through internal networks, although after compromising a host, she usually undertakes the following:
Gain superuser privileges on the host
Download and crack encrypted user-password hashes (the SAM database under Windows and the /etc/shadow file under most Unix-based environments)
Modify logs and install a suitable backdoor to retain access to the host
Compromise sensitive data (databases and network-mapped NFS or NetBIOS shares)
Upload and use tools (network scanners, sniffers, and exploit scripts) to compromise other networked hosts
This book covers a number of specific vulnerabilities in detail but leaves cracking and pilfering techniques (deleting logs, installing back doors, sniffers and other tools) to the countless number of hacking books available. By providing you with technical information related to network and application vulnerabilities, you will be able to formulate effective countermeasures and risk-mitigation strategies.