Aldelta

Penetration Testing

Infrastructure Penetration Testing Approach

Public and private companies depend on communication and information systems to fulfil their business goals. These systems are subject to threats that can harm the company, its assets, employees, associates, and customers by exploiting known vulnerabilities as well as those of unknown origin, and hence jeopardize the confidentiality, integrity, and availability of the information stored, processed, or transmitted by these systems. Threats to these systems include purposeful attacks, disruptions, environmental factors, human/machine errors and structural failures. Therefore, leaders and managers at all levels must understand their responsibilities and be held accountable for managing information security risk, that is, the risk associated with the operation and use of the information systems that support the missions and business functions of the organization.

ALDELTA DMCC (Hereafter called “ALDELTA”) is equipped with wide-ranging implementation experience in risk management, across numerous industries and multiple global databases. ALDELTA’s information-security-consulting team provides evaluation, planning and implementation of information security consulting aligned specifically to organizational business strategies to assist organizations in effectively using and protecting their critical data assets.

Infrastructure penetration testing is carried out by the ALDELTA team according to known, established and accepted methods.

We at ALDELTA do not limit ourselves to commonly known methodologies, since malicious attackers clearly do not either.

The main objective of a penetration test is to simulate the threats an organization is exposed to as viewed from the internal network, especially a network that is accessible to employees and guests who have partial or no knowledge of the target network. This is usually done by connecting to a hotspot in the organization and testing both prevention and the triggering of the detection circle, while mapping and exploiting vulnerabilities and attempting to obtain rights and privileges.

Furthermore, by conducting extensive penetration tests of the client's infrastructure we seek to expose security flaws and provide the client with a clear picture of its security vulnerabilities.

In addition, we present an operational report containing mitigation and/or remediation recommendations for each vulnerability exposed.

The examination includes penetration tests according to fixed models based on established and accepted standards. It aims to test the resistance of the security measures and protection methods the company requires and adopts.
Infrastructure penetration tests carried out by ALDELTA's team follow two models, both of which fully cover the topic of information security in the organization's network infrastructure:

– NIST, which defines security, monitoring and control procedures in information security.

– SANS, which examines the infrastructure and covers the test procedure from the mapping stage to the conclusion stage.

ALDELTA understands that each client and business is different; hence, after submitting the draft report to the client, ALDELTA performs a validation process with the client's technical team to make sure the suggested mitigation processes are relevant.

This process results in a final report that not only presents the client with an accurate vulnerability list but also contains "tailor-made", relevant recommendations and mitigations specific to the client's needs.

Infrastructure penetration testing is normally performed both internally and externally using partial information from the client (Grey Box), in order to obtain a full picture and thus enrich each test's findings. This is our default attack model unless specifically agreed otherwise.

At the customer's request, Black Box (no information) and White Box (full information) testing can be done as well, yet this is less recommended, since it is considered less representative of an actual attack scenario and is less cost- and time-effective.

Scoping of the project is done by determining the IP ranges to be tested internally and externally, and the number of physical locations (in the case of an internal penetration test).

During the tests the following areas are examined (varying according to relevance):

  • Servers – The various servers existing in the organization, such as FTP servers, CRM servers, etc., depending on the organization's systems.
  • Active Directory – An authentication test of the system, DC servers, e-mail servers, and so forth.
  • Databases – SQL servers, Oracle, and storage in the organization: the various access paths to them and the ability to reach the information stored on them.
  • Routers – Attempting to gain access to the routing configuration, bypass the system and make changes.
  • Switches – Testing the possibility of retrieving information from the switch's configuration, and attempts to bypass the systems.
  • VPN – Attempts to log in to the organization's systems via the VPN interface, attempting to expose user names and passwords, etc.
  • NAC – Testing the NAC's monitoring and blocking ability, including an actual attempt and observation of the log files (the test scenario is carried out both before and after the NAC).
  • Various systems – APs and WiFi networks, VoIP servers, camera servers, merge servers, etc.

The following scenarios will be attempted (according to relevance):

  • Device and service enumeration and fingerprinting
  • Potential compromise through weak passwords of the system's users
  • Windows/Linux enumeration
  • Identification of misconfigurations
  • Vulnerability identification
  • Exploitation of security vulnerabilities
  • Privilege escalation
  • Network protocol manipulation
  • Network traffic sniffing
  • Network device compromise
  • Database compromise
  • Server takeover attempt
  • Locating sensitive information
  • Domain controller takeover attempt

1. Project prerequisites

  • Project scoping and pricing
  • Project prerequisites
  • Receiving access from client to needed information
  • Setting up the test environment on the client's premises

2. Test execution

  • A team of specialized pen-testers executes the penetration test in coordination with the client
  • Critical vulnerabilities may be flagged as soon as they are found

3. Initial report

  • Vulnerabilities are presented in detail along with relevant mitigation suggestions
  • The report is reviewed by the team manager

4. Report Validation

  • The report is presented to the client's technical team
  • Q/A session
  • Final report editing

5. Final report

  • The report is reviewed by the team manager
  • The final report is submitted to the client
  • Project conclusion

6. Vulnerabilities mitigation

  • The client's technical team applies the report's suggestions as they see fit
  • Q/A with ALDELTA’s team during the process, if needed

7. Retest (optional)

  • Vulnerabilities found in the original report are retested to make sure they have been fixed
  • The final report is submitted to the client
* Submitting a retest is followed by repeating steps 6-7.

Infrastructure penetration tests conducted by ALDELTA provide an objective summary of risks that may impact confidentiality, integrity and availability of information systems and data that the client relies upon to operate.

1. Executive Summary

  • Project definitions
  • Limitations
  • Scanning and testing scope
  • Vulnerabilities list (ranked critical to low)

2. Detailed Findings

  • Each vulnerability found is described in detail alongside a full POC, severity level and CVSS score, references and the recommended mitigation.