Network Security v1.0 - Module 22 (Network Security Testing)

Module 22: Network Security Testing

Module Objectives:

• Describe the various techniques and tools for network security.

22.1 Network Security Testing Techniques

Operations Security:

• Operations Security (OpSec) starts with the planning and implementation of a network. The security team identifies risks and vulnerabilities during design and adapts accordingly during the operation phase.

• OpSec focuses on continual maintenance and adapting the network to evolving threats.

Security Testing Techniques:

• Manual vs Automated Testing:

  • Manual tests may be used for specific, targeted checks, while automated tools can conduct regular scans and checks across networks.

  • Security staff should be skilled in device hardening, firewalls, IPSs, network protocols, and vulnerabilities/risk mitigation.

Security Testing Objectives:

• Security Test and Evaluation (ST&E): After a network is operational, an ST&E evaluates the security measures, identifies flaws, and checks compliance with security policies.

  • Key objectives:

    • Identify design, implementation, or operational flaws.

    • Assess the adequacy of security mechanisms.

    • Ensure system documentation aligns with implementation.

  • Periodic Testing: Tests should be repeated after system updates or changes.

Types of Network Security Tests:

1. Penetration Testing: Simulates attacks to identify vulnerabilities and the potential consequences of successful attacks.

2. Network Scanning: Detects open ports and identifies active resources.

3. Vulnerability Scanning: Identifies weaknesses in systems and services.

4. Password Cracking: Tests for weak passwords.

5. Log Review: Inspects logs for unusual or unauthorized activity.

6. Integrity Checkers: Detects unauthorized changes in the system.

7. Virus Detection: Identifies and removes malware.

22.2 Network Security Testing Tools

Available Tools for Network Security Testing:

1. Nmap/Zenmap:

   • Nmap: Discovers network devices and services, performing tasks like TCP/UDP port scanning, operating system identification, and remote host fingerprinting.

   • Zenmap: The graphical frontend for Nmap, providing an easier-to-use interface.

2. SuperScan:

   • A Microsoft Windows tool for TCP/UDP port scanning.

   • Features include adjustable scanning speed, host detection, and banner grabbing.

3. SIEM (Security Information Event Management):

   • Used for real-time monitoring and long-term analysis of security events in enterprise environments.

   • Functions include correlation, aggregation, forensic analysis, and retention of event data.

   • Provides detailed reports on security events, user actions, device info, and posture compliance.

4. GFI LANguard:

   • A network and security scanner that detects vulnerabilities.

5. Tripwire:

   • A tool for assessing and validating IT configurations.

6. Nessus:

   • A vulnerability scanner for detecting misconfigurations and assessing TCP/IP stack security.

7. L0phtCrack:

   • A password auditing and recovery tool.

8. Metasploit:

   • A tool for penetration testing, vulnerability scanning, and IDS signature development.

22.3 Network Security Testing Summary

Key Takeaways:

• Operations Security (OpSec) begins in the planning phase and continues through the operational lifecycle of the network.

• Security Testing involves various techniques to evaluate and identify vulnerabilities in the network. Key tests include pen testing, vulnerability scanning, log review, and password cracking.

• Nmap/Zenmap and SuperScan are low-level tools commonly used for scanning networks and identifying vulnerabilities.

• SIEM helps monitor and correlate security events for a more comprehensive understanding of potential threats.

• Metasploit and Nessus are used for advanced vulnerability scanning and penetration testing to evaluate system defenses.