Xelerance
 
 
 
 
 

Penetration Testing/Vulnerability Assessments

Xelerance provides consulting services for vulnerability testing. If needed, we can also provide guidance as to what to do after our report, or we can do only the report as a verification of another organization's work.

There are several kinds of vulnerability assessments that can be done. This process is sometimes called penetration testing, although that is only one type/aspect of an assessment.

There are two extremes: at one end is what is sometimes called BlackHat or BlackBox penetration testing. At the other end is directed per-application/product assessment, which is a form of WhiteBox testing.


Types of vulnerability assessments:


BlackBox Penetration Testing and Response Testing

This is done without the knowledge of the end client customer/user. Often only the CEO or CIO of the client is aware of the effort. The consultant is provided with a "get out of jail free" letter. The consultant team attempts to compromise the client's security, with the goal of causing some reaction from the customer. The goal is not just to compromise a system, but to elicit a response from the client, and possibly a response from a law enforcement agency.

In such a test it is acceptable for the consultant to compromise one server in order to continue gathering information, and/or attacking other systems.


BlackBox Penetration Testing

This is a more traditional "scan" - it is done with the knowledge of the client's IT department. The IP address range(s) involved are provided up front, or possibly only a single server, with all other information discovered by the consultant during the course of the "scan".

When a potential vulnerability is found, it is exploited if possible, but no further damage is done. If a critical system is found to be vulnerable, then the consultant will stop and notify the client of this immediately.

The client must then provide the consultant with the access which they would have gotten by a destructive attack on the system, so that they may continue to determine what other systems may become vulnerable, given that "beachhead".

The consultant is engaged for a period of time, and at the end of that period, the consultant writes a report, detailing what information was gathered, and what systems were compromised.

Multiple types of attacks may be used, especially including social engineering.


Vulnerability Scanning

In this version, the scan is done, and version information is used to determine if some particular applications might be vulnerable to an attack.

The attacks are not carried out; these are passive scans. A report is generated based on what applications & potential vulnerabilities were found by the scans.


WhiteBox Penetration Testing

The consultant is provided with a map of the network, a list of servers, and a list of relationships. The consultant is asked to then exploit these relationships. If additional information is needed, it is simply asked for.

WhiteBox testing is not about defending against a total stranger, but rather against an insider, a disgruntled former employee, as well as against a very knowledgeable outsider.


Application Testing

In the end, all successful penetrations involve exploiting flaws or mis-features in the design or deployment of application software. Application testing is about testing specific applications for specific kinds of faults.

It is typically done by suppliers of software as part of the Quality Assurance phase; however, the Xelerance team can act as a 3rd Party QA team for those customers concerned about critical systems.


For more information on any of these services, please email info@xelerance.com.

 
     
One Unix to rule them all, One Resolver to find them, One IP to bring them all, and in the zone, bind them.

All content & images © 2004 Xelerance Inc. All rights reserved.
Website design by Painted Red Productions