Network Security v1.0 - Module 22 (Network Security Testing)

Module 22: Network Security Testing

Module Objectives:
  • Describe the various techniques and tools used for network security testing.


22.1 Network Security Testing Techniques

Operations Security:
  • Operations Security (OpSec) starts with the planning and implementation of a network. The security team identifies risks and vulnerabilities during design and adapts accordingly during the operation phase.

  • OpSec focuses on continual maintenance and adapting the network to evolving threats.

Security Testing Techniques:
  • Manual vs Automated Testing:

    • Manual tests may be used for specific, targeted checks, while automated tools can conduct regular scans and checks across networks.

    • Security staff should be skilled in device hardening, firewalls, IPSs, network protocols, and vulnerabilities/risk mitigation.

Security Testing Objectives:
  • Security Test and Evaluation (ST&E): After a network is operational, an ST&E evaluates the security measures, identifies flaws, and checks compliance with security policies.

    • Key objectives:

      • Identify design, implementation, or operational flaws.

      • Assess the adequacy of security mechanisms.

      • Ensure system documentation aligns with implementation.

    • Periodic Testing: Tests should be repeated after system updates or changes.

Types of Network Security Tests:
  1. Penetration Testing: Simulates attacks to identify vulnerabilities and the potential consequences of successful attacks.

  2. Network Scanning: Detects open ports and identifies active resources.

  3. Vulnerability Scanning: Identifies weaknesses in systems and services.

  4. Password Cracking: Tests for weak passwords.

  5. Log Review: Inspects logs for unusual or unauthorized activity.

  6. Integrity Checkers: Detect unauthorized changes in the system.

  7. Virus Detection: Identifies and removes malware.


22.2 Network Security Testing Tools

Available Tools for Network Security Testing:
  1. Nmap/Zenmap:

    • Nmap: Discovers network devices and services, performing tasks like TCP/UDP port scanning, operating system identification, and remote host fingerprinting.

    • Zenmap: The graphical frontend for Nmap, providing an easier-to-use interface.

  2. SuperScan:

    • A Microsoft Windows tool for TCP/UDP port scanning.

    • Features include adjustable scanning speed, host detection, and banner grabbing.

  3. SIEM (Security Information and Event Management):

    • Used for real-time monitoring and long-term analysis of security events in enterprise environments.

    • Functions include correlation, aggregation, forensic analysis, and retention of event data.

    • Provides detailed reports on security events, user actions, device info, and posture compliance.

  4. GFI LANguard:

    • A network and security scanner that detects vulnerabilities.

  5. Tripwire:

    • A tool for assessing and validating IT configurations.

  6. Nessus:

    • A vulnerability scanner for detecting misconfigurations and assessing TCP/IP stack security.

  7. L0phtCrack:

    • A password auditing and recovery tool.

  8. Metasploit:

    • A tool for penetration testing, vulnerability scanning, and IDS signature development.


22.3 Network Security Testing Summary

Key Takeaways:
  • Operations Security (OpSec) begins in the planning phase and continues through the operational lifecycle of the network.

  • Security Testing involves various techniques to evaluate and identify vulnerabilities in the network. Key tests include pen testing, vulnerability scanning, log review, and password cracking.

  • Nmap/Zenmap and SuperScan are low-level tools commonly used for scanning networks and identifying vulnerabilities.

  • SIEM helps monitor and correlate security events for a more comprehensive understanding of potential threats.

  • Metasploit and Nessus are used for advanced vulnerability scanning and penetration testing to evaluate system defenses.
