Penetration Testing Primer

Penetration Testing is described by the US Government as "the process of using approved, qualified personnel to conduct real-world attacks against a system so as to identify and correct security weaknesses before they are discovered and exploited by others."
(http://www.ffiec.gov/ffiecinfobase/booklets/e_banking/ebanking_04_appx_b_glossary.html)

Penetration Testing & Vulnerability Assessment are terms that are used interchangeably and often assumed to mean the same thing. In reality they are very different exercises that should be used to assess an organisation’s security posture.

Vulnerability assessments compare operating systems, application services and configuration sets against a series of documented exposures for the environment to which they relate. For instance, if a machine is identified as a Windows 2003 SP2 host, a vulnerability assessment will assess this machine against all known vulnerabilities for Windows 2003. Vulnerability assessments test for the prevalence of exposure. However, they do not try to exploit the exposure.

Penetration Testing techniques build on the information captured from a vulnerability assessment. Once exposures have been identified, Nettitude tries to exploit these exposures to gain deeper access into a corporation’s infrastructure. Nettitude assesses the way in which applications have been designed, deployed and configured, and uses its skills and expertise to bend the rules of what should be possible within the infrastructure.

Both Vulnerability Assessments and Penetration Testing programmes provide an organisation with a quantitative approach to assessing its security posture. Both approaches result in strong documentation that highlights a company’s exposures and provides recommendations on what can be done to mitigate the risks. Nettitude has a portfolio of sample documents from a number of different industry verticals that can illustrate our reporting capability. To gain access to these sample reports, please contact Nettitude through the contact page and a new Business Development Manager will be happy to provide reports relevant to your industry.

Security best practice suggests that organisations should undertake vulnerability assessments and penetration tests so as to identify weaknesses and exposures in an infrastructure before an attacker is able to take advantage of them. As a consequence, Nettitude provides two broad approaches to testing an environment.

  • Completely blind test, where no information is provided to Nettitude about hosts or services (often referred to as a Blackhat testing approach)
  • Informed test, where Nettitude is given credentials on a host or in a service. This is designed to see what an authenticated user could see (often referred to as a Whitehat testing approach)

Nettitude also provides a blended approach to testing, where consultants start off assessing an infrastructure based on Blackhat techniques but then move on to assessing the environment with a set of credentials. The two tests are undertaken as discrete exercises, but provide customers with a more holistic assessment of their overall security posture.
