Getting Started into the Network Security

  • Home
  • Getting Started into the Network Security
Getting Started into the Network Security
Getting Started into the Network Security
Getting Started into the Network Security
Getting Started into the Network Security

The recent years have emphasised the importance of cyber security in a data-driven world where everyone, regardless of their size or mission, is cultivating their online presence to reap the numerous benefits. Attacks have become more commonplace, and the misuse of stolen data has also become the standard, requiring individuals and businesses that use data to implement stringent management and protection procedures. Through this post, we hope to shed some light on the significance of network penetration testing and help readers better understand how to safeguard networks and avoid data breaches.

What is Network?

A computer network is a setup that joins two or more computers together to share and transport data. Mobile phones and servers are both examples of computing devices. These gadgets can be connected wirelessly or by physical connections like fiber optic cables.

Let’s understand some objectives behind deploying a computer network.

Credits https://www.spiceworks.com/

Resource Sharing

Users can use shared resources as if they were on their computers when accessing them successfully. Files, data, multimedia, and hardware resources like printers, fax machines, and scanners are the most frequently utilised shared network environment elements.

Resource Availability and Reliability

Resources are available from numerous points and are not kept in inaccessible silos, thanks to a network. To be available in case of events like hardware failures and important resources must be backed up across numerous machines.

Performance Management

As a business expands, its workload only gets bigger. The system’s overall performance is enhanced, and this expansion is accommodated when one or more processors are added to the network. Data storage in well-designed databases can significantly reduce lookup and retrieve times.

Cost Saving

It makes more sense to add processors at key locations within the system rather than purchasing large mainframe computers, which are an expensive investment. This boosts efficiency while simultaneously reducing costs. Networks reduce operational time and expenses by allowing staff to access information quickly. Less money needs to be invested in IT support, thanks to centralised network administration.

Increased Storage Capacity

Employees that deal with large amounts of data benefit greatly from network-attached storage devices. For instance, no individual member needs their own data repository due to the enormous volume of records the data science team analyses. Using centralised repositories increases productivity even further. The ability to increase storage capacity is essential in the modern world because organisations are receiving unprecedented amounts of client data into their systems.

Streamlined collaboration & communication

Networks significantly affect how a firm runs on a daily basis. File sharing, peer review, calendar synchronisation, and idea-sharing among staff members are all possible. Internal chat platforms like Slack are used by every modern business to provide unrestricted communication and information flow. Emails remain the official communication channel with customers, partners, and suppliers.

There are mainly three types of networks.

LAN (Local Area Network):- The most used type of network is LAN. A local area network, or LAN, is a type of computer network that links computers together through a common communication connection. Two or more computers connected via a server make up a LAN. Ethernet and Wi-fi are the two key technologies used in this network.

MAN (Metropolitan Area Network):– This kind of computer network utilises a shared communication path across a city, town, or metropolitan area to link computers that are separated by distance.

WAN (Wide Area Network):-  A WAN is a kind of computer network that utilises a common communication path to connect machines separated by a great distance. It spans numerous locations rather than being limited to only one. A collection of local area networks that communicate with one another can also be referred to as WAN.

Why Network Pentest is Important?

Now we have a good understanding of what a network is, the main purpose of the pen test is to improve network security and provide protection for the entire network and connected devices against future attacks. Conducting Penetration testing helps to identify vulnerabilities within a network.  

Some Key Points

An Insider Perspective: A pen-test lets you experience real-world situations where you might encounter an attacker. Testing the security controls you have in place should be done without alerting the staff so that you can determine if they are effective.

Identifying and Prioritizing Risk: Risk-prioritizing is an important part of pen-testing. The data provided by scanners can be extremely helpful in identifying network vulnerabilities. If your team does not prioritise the vulnerabilities, how will it determine which to patch first? Penetrating your network will allow you to identify which vulnerabilities will affect your network the most and then prioritise your efforts accordingly.

Identify Vulnerabilities: Pen-testing can provide insight into where vulnerabilities exist in your network. Pen testing consists of attacking your network as a hacker would do and doing whatever it takes to gain access. To keep your network secure, you would be wise to let a third party conduct a penetration test, even once or twice a year, to examine it from a different perspective.

Evaluate the feasibility of each Attack Vector: Examine attack vectors to determine their feasibility. However, based on the results of a penetration test, you are able to know for certain how attackers could gain access to our system or if spending resources on a riskier attack vector is appropriate. Post-Incident Analysis.

Analyse Post-Incident: Having had your system hacked, your organisation needs to figure out how the attackers got in. Combining penetration testing with forensics analysis can help you implement new security measures to prevent a repeat attack.

Methodology

1. Identifying hosts both internally and externally

The test you conduct may involve finding hosts within the company’s internal network or locating assets on the Internet, or we can say on the external network. So let’s get into the Host Discovery.

Host Discovery

This is an early stage of network reconnaissance. A host’s presence at an IP address is typically checked using a variety of techniques by the unauthorised user, who typically starts with finding a Range of IP addresses from the target network. Using a sonar analogy, host finding is commonly referred to as “Ping” scanning. Basically, the objective is to send a packet to the IP address and wait for it to respond.

DNS Footprinting

A DNS footprint is used to collect information on DNS zone data, which includes elements such as domain names, machine names, IP addresses, and more.

The nslookup and dig are the most commonly used tools for DNS footprinting. These tools are pre-installed in Kali Linux for other OS the installation guide can be found here.

Nslookup

nslookup <domainname>
nslookup google.com

Here we can see in the output the server address and the Ip range of google.

By using  -type=any  different types of records can be extracted,

Here is some example

Extracting SOA (Start of Record) records

nslookup -type=soa google.com

Extracting mail exchange server record

nslookup -type=mx google.com

dig (Domain Information Groper)

dig is mainly used for querying the DNS nameserver. This tool locates IP address records, logs the query path when a reliable nameserver responds, and detects other DNS issues.

Here is one examples,

dig google.com

The HEADER section displays the information it received from the server.

The OPT PSEUDOSECTION section displays advanced information.

  • EDNS – Extension system for DNS
  • Flags – blank because no flags were specified
  • UDP – UDP packet size

Under the QUESTION section, the following information is displayed:

  • The first column shows the domain name that was queried
  • The second column represents the type of query (IN = Internet)
  • The third column specifies the record (A = Address), unless otherwise specified

The STATISTICS section contains information about the query:

  • Query time – The amount of time it took for a response
  • SERVER – The IP address and port of the responding DNS server.
  • WHEN – Timestamp when the command was run
  • MSG SIZE rcvd – The size of the reply from the DNS server

The more detailed use of dig can be found here.

2. Port/Service scanning

Port scanning is a common tactic malicious users use in order to find weak points or open doors in a network. Port and Service scanning is done by sending traffic to particular ports.

List of common ports in the network.

Port NumberUsage
20File Transfer Protocol (FTP) Data Transfer
22Secure Shell (SSH)
23Telnet – Remote login service, unencrypted text messages
25Simple Mail Transfer Protocol (SMTP) E-mail Routing
53Domain Name System (DNS) service
80Hypertext Transfer Protocol (HTTP) used in the World Wide Web
110Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server
119Network News Transfer Protocol (NNTP)
123Network Time Protocol (NTP)
143Internet Message Access Protocol (IMAP) Management of Digital Mail
161Simple Network Management Protocol (SNMP)
194Internet Relay Chat (IRC)
443HTTP Secure (HTTPS) HTTP over TLS/SSL

Nmap for Port/Service Scanning

There is no doubt that Nmap is the most popular scanning tool used by security researchers. It is an open-source command-line tool, and there is also a GUI version available called Zenmap. Some key features of Nmap, it allows Network Administrators to find out what devices are connected to their networks, discover open ports and services, and identify vulnerabilities.

It provides the different types of scans.

Single Host Scan

It scans 1000 ports on one host. There are several popular services that uses these ports, such as SQL, Apache and others.

nmap  scanme.nmap.org

Stealth Scan

SYN scan is the most popular and default scan option. Thousands of ports can be checked per second on a network without intrusive firewalls, allowing this process to be performed quickly. It never completes TCP connections, which makes SYN scan relatively unobtrusive.

nmap -sS scanme.nmap.org

Version scan

As many services share the same ports, the version of the service is likely to be vulnerable to past exploits. Thus, detecting the software running behind the port will serve as an important tool for discriminating between services.

nmap -sV scanme.nmap.org

Using Nmap Scripts Engine (NSE)

Nmap Scripting Engine (NSE) is an important feature that enables us to automate various networking tasks by writing and sharing scripts. The scripts provided by the Nmap are very powerful and accurate in results. The scripts are written in the Lua programming language. Parallel execution of those scripts meets Nmap’s high speed and efficiency standards. You can find more information about NSE here.

The below image shows the list of some available scripts.

Running Nmap scripts

syntax

namp –-script <script_name> <Host>

example.

nmap –-script vulners scanme.org

–script” flag is used to load the Nmap scripts

vulners” is the script name

3. Metasploit For Network Pen testing

In addition to testing security vulnerabilities, enumerating networks, and executing attacks, the Metasploit Framework provides a number of tools for evading detection. The Metasploit framework is pre-installed in Kali Linux. Alternatively, a GUI version is available called Armitage; more information can be found here.

Using the msfconsole command, launch the Metasploit, and search for the port scanning module by using the search (search portscan) command.

We have got the number of modules as a result. You can explore all this on your own, but for example, we will choose auxiliary/scanner/portscan/tcp to run a TCP scan.

use command is used to select the particular module.

A detailed description and the module’s requirements can be found using the info command.

The target should be specified as RHOST, and the range of ports to be scanned should be specified to PORTS by using the set command.

By using the run command, initiate the scan.

To exploit the flaws in the network, Metasploit plays a pivotal role. It came up with thousands of exploits and hundreds of payloads. In addition to providing a development platform, Metasploit also allows users to write their own security tools or exploits.

4. Exploitation

Pen testers use the data gathered during the discovery phase, such as potential vulnerabilities and entry points, in the exploitation phase, when they begin to test the exploits on network devices or in the systems. The goal of the exploitation phase is to get access to the network environment while avoiding detection and by locating entry points, utilizing a variety of pen testing tools that are already available on the internet in order to quickly determine their true risk in the actual world.

5. Reporting

Vulnerability Assessments are not complete without Reporting, and it plays a very important role in the whole VAPT (Vulnerability Assessment and Penetration Testing) process. The purpose of reporting is to provide the client with a comprehensive explanation of the issues found in the network. Some important key points for writing an excellent report.

  • Detailed Heading: Combining the vulnerability type, domain or endpoint, and the location of the vulnerability manages to make a suitable report title.
  • Explanation of the Vulnerability: Explanation is a succinct summary of the report title in which the pen testers provide background information about the endpoint or component that is insecure, followed by a description of the vulnerability’s type and consequences.
  • Severity: An appropriate severity rating will help the client prioritise which vulnerabilities to address first and ensure that urgent fixes are made for serious vulnerabilities.
  • Step to Reproduce and POC:  Include all the pertinent information you can think of and give detailed directions on how to replicate the vulnerability. Give proper, step-by-step POCs (screenshots, video POC).
  • Mitigation and References: The client’s time spent on researching the mitigation will be saved by adding relevant mitigation in the report. A reference to external websites related to the vulnerability will help the client get a better understanding of it.

When You Need Us

We recognise that maintaining the security of your network is a crucial component of your organisation’s core risk management strategy. A comprehensive way of discovering possible vulnerabilities in the network is Network penetration testing. When it comes to your network, we will thoroughly test all known exploits as well as explore further afield to find any new flaws. Securityboat is dedicated to guaranteeing the highest level of network security, from information collection to spotting possible vulnerabilities and providing remedies. Find more about us here.

Leave a Reply

Your email address will not be published. Required fields are marked *