Thursday, November 29, 2012

Penetration Testing




Penetration testing is the process of simulating attacks on a network and its systems at the request of the owner or senior management. Penetration testing uses a set of procedures and tools designed to test and possibly bypass the security controls of a system. Its goal is to measure an organization’s level of resistance to an attack and to uncover any weaknesses within the environment. Organizations need to determine the effectiveness of their security measures and not just trust the promises of the security vendors. A penetration test emulates the same methods attackers would use. Attackers can be clever, creative, and resourceful in their techniques, so penetration attacks should align with the newest hacking techniques along with strong foundational testing methods.

The type of penetration test that should be used depends on the organization, its security objectives, and the management’s goals. Some corporations perform periodic penetration tests on themselves using different types of tools, or they use scanning devices that continually examine the environment for new vulnerabilities in an automated fashion. Other corporations ask a third party to perform the vulnerability and penetration tests to provide a more objective view.

Penetration tests can evaluate web servers, DNS servers, router configurations, workstation vulnerabilities, access to sensitive information, remote dial-in access, open ports, and available services’ properties that a real attacker might use to compromise the company’s overall security. Some tests can be quite intrusive and disruptive. The timeframe for the tests should be agreed upon so productivity is not affected and personnel can bring systems back online if necessary.

The result of a penetration test is a report given to management that describes the vulnerabilities identified and the severity of those vulnerabilities, along with suggestions on how to deal with them properly. From there, it is up to management to determine how the vulnerabilities are actually dealt with and what countermeasures are implemented.



Saturday, November 24, 2012


Vulnerability Assessment 




A vulnerability assessment is designed to test your internal or external infrastructure against known vulnerabilities. A vulnerability assessment also tests an infrastructure against known manufacturer passwords and default configuration parameters. Performing a vulnerability assessment automatically is not rocket science: the scan is largely automated from the beginning, and it then reports back its findings in the form of a report, and that's it.

Linux is the primary tool for system hacking. All of the best scripts run on it, and developing new tools is easier than in Windows. The code also tends to be more compact. Since the network assessment process usually begins with automated or semi-automated vulnerability scans, and progresses to attempting to exploit weaknesses found by those scans, a product that does both, and integrates both results and reporting. We apply human logic in the context of business risks, and the results are more thorough and comprehensive than an automated scanning report.

A vulnerability analysis provides an overview of the flaws that exist on the system. Vulnerability analysis is the process of identifying vulnerabilities on a network and quantifying the security vulnerabilities in a system. A vulnerability analysis works to improve security posture and develop a more mature, integrated security program. A vulnerability assessment commonly goes through the following phases: Information Gathering, Port Scanning, Enumeration, Threat Profiling & Risk Identification, Network Level Vulnerability Scanning, Application Level Vulnerability Scanning, Mitigation Strategies Creation, Report Generation, and Support.

Sunday, November 18, 2012


Types of VPN Protocols


A protocol is a set of standardized rules that determines error detection methods, data authentication, signaling, and representation of data over a communications channel, the medium used for the transfer of data from the sender to the receiver. Its purpose is to ensure a reliable channel for the exchange of data. Virtual Private Network technology is heavily influenced by tunneling, which is the process of creating and maintaining logical network connections, or ‘tunnels’, over the public Internet.

Once we have decided to use a VPN service, we further have to decide which type of VPN protocol to use. There are a number of VPN protocols in use that secure the transport of data traffic over a public network infrastructure. The most used VPN protocols are PPTP, L2TP, IPSec, and SSL.

PPTP


Point-to-Point Tunneling Protocol (PPTP) is a networking protocol that is built on the Point-to-Point Protocol (PPP). PPTP is one of the most widely used VPN protocols because of its simple configuration and easy maintenance, and also because it is included with the Windows operating system. Its main function is to ensure that data from one VPN computer, or node, to another is transmitted securely. PPTP also supports VPN over public networks like the Internet. It was created by Microsoft in association with other technology companies. Compared to other methods, PPTP is faster, and it is also available for Linux and Mac users.

L2TP


L2TP (Layer 2 Tunneling Protocol) is another tunneling protocol that supports VPNs. It was developed as a joint effort between Microsoft and Cisco Systems. The Layer Two Forwarding protocol (L2F) is the Cisco Systems equivalent of the Microsoft-based PPTP protocol. In an attempt to improve on L2F, the best features of it and PPTP were combined to create a new standard called L2TP. Alongside providing data confidentiality as in PPTP, L2TP also allows data integrity, that is, protection of the data against modification between the time it leaves the sender and the time it reaches the receiver. It requires a digital certificate or a shared key for its implementation and is available as a built-in feature in Windows.

IPSec


IPSec (IP Security) traffic can use either L2TP data packets transport mode or tunneling to encrypt data traffic in a VPN. The difference between the two modes is that transport mode encrypts only the message within the data packet (also known as the payload) while tunneling encrypts the entire data packet. IPSec is often referred to as a "security overlay" because of its use as a security layer for other protocols. IPSec can require expensive and time-consuming client installations.

SSL


Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use cryptography to secure communications over the Internet. An SSL VPN is accessible via https through a web browser. The advantage of an SSL VPN is that it doesn’t need any software installed, because it uses the web browser as the client application. Through SSL VPNs, the user’s access can be restricted to specific applications instead of allowing access to the whole network.

Saturday, November 17, 2012


What is VPN?


A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology for file sharing, video conferencing, and network services, enabling remote users to securely connect to a private network. A VPN ensures security because anyone intercepting the encrypted data can't read it.

A dial-up or leased line connection creates a physical connection to a port on a remote access server on a private network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. However, using dial-up or leased lines to provide network access is expensive when compared to the cost of providing network access using a VPN connection. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

VPNs provide security through tunneling protocols and security procedures such as encryption. By encrypting data at the sending end and decrypting it at the receiving end, the protocols send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

Monday, November 12, 2012


Saturday, November 10, 2012


HTTPS or HTTP over SSL


HTTPS (Hypertext Transfer Protocol Secure, or HTTP over SSL) is a secure way of using HTTP. HTTPS was developed by Netscape. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. When a user connects to a website via HTTPS, the website encrypts the session with a digital certificate. HTTP provides almost no security features; it contains only basic authentication mechanisms, and no support for privacy. HTTPS allows secure ecommerce transactions, such as online banking. A user can know if they are connected to a secure website if the website URL begins with https:// instead of http://. HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.

HTTPS is the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. The browser uses SSL or TLS when connecting to a secure part of a website indicated by an HTTPS URL. Suppose you visit an online shopping website. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send" to send the page back to the online retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.

Wednesday, November 7, 2012

Secure Hypertext Transfer Protocol



S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web. Each S-HTTP file is either encrypted, contains a digital certificate, or both. S-HTTP provides a wide variety of mechanisms to provide for confidentiality, authentication, and integrity. Separation of policy from mechanism was an explicit goal. The system is not tied to any particular cryptographic system, key infrastructure, or cryptographic format, but it does support the Rivest-Shamir-Adleman (RSA) public key infrastructure encryption system. S-HTTP is an alternative to another well-known security protocol, Secure Sockets Layer (SSL). A major difference is that S-HTTP allows the client to send a certificate to authenticate the user whereas, using SSL, only the server can be authenticated. S-HTTP is more likely to be used in situations where the server represents a bank and requires authentication from the user that is more secure than a user id and password.

S-HTTP is a superset of HTTP, which allows messages to be encapsulated in various ways. Encapsulations can include encryption, signing, or MAC based authentication. This encapsulation can be recursive, and a message can have several security transformations applied to it. S-HTTP also includes header definitions to provide key transfer, certificate transfer, and similar administrative functions. S-HTTP appears to be extremely flexible in what it will allow the programmer to do.

Sunday, November 4, 2012

Secure Sockets Layer



SSL is an acronym for Secure Sockets Layer, an encryption technology that was created by Netscape. SSL creates an encrypted connection between web servers and web browsers, allowing private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. SSL is supported in the Microsoft and Netscape browsers and in many web server products. Many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, that it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails any one of these checks, the browser will display a warning to the end user letting them know that the site is not secured by SSL.
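The three browser checks described above, as an added Python example that is not part of the original post. The certificate is a constructed sample in the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(); the host names, the CA name and the TRUSTED_ISSUERS set are placeholders, and matching the issuer by name is a simplification of the signature-chain verification a real browser performs.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample certificate (shape of ssl.SSLSocket.getpeercert());
# every name below is a placeholder.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Dec 31 23:59:59 2013 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
}
# Assumption: stands in for the browser's root store. A real client verifies
# the signature chain up to a trusted root, not just the issuer's name.
TRUSTED_ISSUERS = {"Example Trust CA"}


def _name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == host


def check_certificate(cert, host, now, trusted=TRUSTED_ISSUERS):
    """Return the list of failed checks; an empty list means no warning."""
    failures = []
    # Check 1: the current time lies inside the validity period.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now.timestamp() <= not_after):
        failures.append("expired or not yet valid")
    # Check 2: the issuing CA is one the client trusts (simplified, see above).
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    if issuer.get("organizationName") not in trusted:
        failures.append("untrusted issuer")
    # Check 3: the certificate was issued for the site being visited.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(pattern, host) for pattern in names):
        failures.append("hostname mismatch")
    return failures
```

In production Python code these checks are performed by the TLS library itself: a context from ssl.create_default_context() requires a valid certificate chain and a matching host name before any application data is exchanged.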

Thursday, November 1, 2012


Identification and Authentication Systems


Identification is the process by which the identity of a user is established, and authentication is the process by which a service confirms the claim of a user to use a specific identity by the use of credentials (usually a password or a certificate).

Identification


Identification is the process that enables recognition of a user described to an automated data processing system. This is generally done by the use of unique machine-readable names. In human terms, client and merchant engage in mutual identification when they, for example, tell each other their names over the phone. With identification, one’s identity is asserted and accepted without further proof. Apart from anonymity, where one’s identity is not known at all, identification is the lowest form of recognition. Identification is a weak and generally unreliable way of relating an asserted name to an individual. This is because anyone knowing someone else’s identity can assert himself or herself as that individual. But that is what identification is. This is why there is a way to prove one’s identity with authentication.

Authentication


Authentication is "A positive identification, with a degree of certainty sufficient for permitting certain rights or privileges to the person or thing positively identified." In simpler terms, it is "The act of verifying the claimed identity of an individual, station or originator". In a human contact by phone, the client and merchant might recognize (authenticate) each other by their familiar voices. In the context of information systems, authentication is most often accepted with a user id or user name and a password or pass phrase. It is assumed that, while many individuals may know a person’s user id or user name, only the person associated with the user id or user name will know the password. When the person furnishes his or her user id and password, the system to which they are identifying themselves knows that this person is in fact who they claim to be.