Services: Security Scan
Goal
Identification of potential vulnerabilities from the point of view of an attacker on the internet or intranet.
Initial Situation
We recommend a whitebox analysis to achieve a scientific and efficient optimization of the security audit. The customer provides all available details of the target environment (such as IP addresses and internal processes). This allows our specialists to forgo a tedious collection of data and to focus on the technical aspects instead.
Approach
Our security scans are based largely on the systematic approach detailed in the book Die Kunst des Penetration Testing (The art of penetration testing) by Marc Ruef.
- Footprinting: Collection of basic information about the target environment (e.g. IP addresses, host names, personnel data).
- Scanning: Identification of target areas via automated vulnerability scanners (e.g. Nmap, Nessus and Qualys).
- Analysis: Focus on potential vulnerabilities that can be exploited within an attack scenario.
- Verification: Partial exploitation of discovered security vulnerabilities to confirm their existence and identify their scope.
Result
The customer is provided with a document that contains all discovered vulnerabilities of the target environment. Each weakness is tabulated and categorized according to network area, system, service, and application. Each entry contains an individual risk assessment, technical details, instructions on how to exploit the vulnerability, and suggestions for countermeasures.
Pros and Cons
This security assessment allows the quick and easy evaluation and improvement (also in terms of compliance) of the current technical security situation of a network, a system, or a service. Normalization and statistical analyses of the data allow extensive simulations and accurate delta comparisons (benchmarking against earlier tests or similar companies). This way, developments and trends can be made transparent to the management.
Reference Example
Security Scan LAN: For historical reasons, an international telecommunication company has a very flat LAN (Local Area Network) topology. The missing segmentation and the absence of firewall systems as a common point of trust pose a significant risk of a widespread attack, both from internal attackers and from viruses/worms. Periodic security scans of the workstations (approx. 3500 target systems) are requested to eliminate targets and minimize the risk of a birthday attack.



