Book Image

Securing Network Infrastructure

By : Sairam Jetty, Sagar Rahalkar
Book Image

Securing Network Infrastructure

By: Sairam Jetty, Sagar Rahalkar

Overview of this book

Digitization drives technology today, which is why it’s so important for organizations to design security mechanisms for their network infrastructures. Analyzing vulnerabilities is one of the best ways to secure your network infrastructure. This Learning Path begins by introducing you to the various concepts of network security assessment, workflows, and architectures. You will learn to employ open source tools to perform both active and passive network scanning and use these results to analyze and design a threat model for network security. With a firm understanding of the basics, you will then explore how to use Nessus and Nmap to scan your network for vulnerabilities and open ports and gain back door entry into a network. As you progress through the chapters, you will gain insights into how to carry out various key scanning tasks, including firewall detection, OS detection, and access management to detect vulnerabilities in your network. By the end of this Learning Path, you will be familiar with the tools you need for network scanning and techniques for vulnerability scanning and network protection. This Learning Path includes content from the following Packt books: •Network Scanning Cookbook by Sairam Jetty •Network Vulnerability Assessment by Sagar Rahalkar

Related Content you might be interested in

Current Title:

Small book image
Securing Network Infrastructure
Sairam Jetty | Sagar Rahalkar
Mar, 2019 | 8 hours 58 minutes
No titles found
Table of Contents (28 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Introduction to Network Vulnerability Scanning
Introduction to Network Vulnerability Scanning
Basic networks and their components
Network Vulnerability Scanning
Uses
Complexity
Response
Summary
2
Understanding Network Scanning Tools
Understanding Network Scanning Tools
Introducing Nessus and Nmap
Installing and activating Nessus
Downloading and installing Nmap
Updating Nessus
Updating Nmap
Removing Nessus
Removing Nmap
3
Port Scanning
Port Scanning
Introduction
How to specify a target
How to perform host discovery
How to identify open ports
How to manage specification and scan order
How to perform a script and version scan
How to detect operating system
How to detect and bypass network protection systems
How to use Zenmap
4
Vulnerability Scanning
Vulnerability Scanning
Introduction
How to manage Nessus policies
How to manage Nessus settings
How to manage Nessus user accounts
How to choose a Nessus scan template and policy
How to perform a vulnerability scan using Nessus
How to manage Nessus scans
5
Configuration Audits
Configuration Audits
Introducing compliance scans
Selecting a compliance scan policy
Introducing configuration audits
Performing an operating system audit
Performing a database audit
Performing a web application scan
6
Report Analysis and Confirmation
Report Analysis and Confirmation
Introduction
Understanding Nmap outputs
Understanding Nessus outputs
How to confirm Nessus vulnerabilities using Nmap and other tools
7
Understanding the Customization and Optimization of Nessus and Nmap
Understanding the Customization and Optimization of Nessus and Nmap
Introduction
Understanding Nmap Script Engine and its customization
Understanding the Nessus Audit policy and its customization
8
Network Scanning for IoT, SCADA/ICS
Network Scanning for IoT, SCADA/ICS
Introduction to SCADA/ICS
Using Nmap to scan SCADA/ICS
Using Nessus to scan SCADA/ICS systems
9
Vulnerability Management Governance
Vulnerability Management Governance
Security basics
Understanding the need for security assessments
Business drivers for vulnerability management
Calculating ROIs
Setting up the context
Policy versus procedure versus standard versus guideline
Penetration testing standards
Industry standards
Summary
Exercises
10
Setting Up the Assessment Environment
Setting Up the Assessment Environment
Setting up a Kali virtual machine
Basics of Kali Linux
Environment configuration and setup
List of tools to be used during assessment
Summary
11
Security Assessment Prerequisites
Security Assessment Prerequisites
Target scoping and planning
Gathering requirements
Deciding upon the type of vulnerability assessment
Estimating the resources and deliverables
Preparing a test plan
Getting approval and signing NDAs
Summary
12
Information Gathering
Information Gathering
What is information gathering?
Passive information gathering
Active information gathering
Summary
13
Enumeration and Vulnerability Assessment
Enumeration and Vulnerability Assessment
What is enumeration?
Enumerating services
Using Nmap scripts
Vulnerability assessments using OpenVAS
Summary
14
Gaining Network Access
Gaining Network Access
Gaining remote access
Cracking passwords
Creating backdoors using Backdoor Factory
Exploiting remote services using Metasploit
Hacking embedded devices using RouterSploit
Social engineering using SET
Summary
15
Assessing Web Application Security
Assessing Web Application Security
Importance of web application security testing
Application profiling
Common web application security testing tools
Authentication
Authorization
Session management
Input validation
Security misconfiguration
Business logic flaws
Auditing and logging
Cryptography
Testing tools
Summary
16
Privilege Escalation
Privilege Escalation
What is privilege escalation?
Horizontal versus vertical privilege escalation
Privilege escalation on Windows
Privilege escalation on Linux
Summary
17
Maintaining Access and Clearing Tracks
Maintaining Access and Clearing Tracks
Maintaining access
Clearing tracks and trails
Anti-forensics
Summary
18
Vulnerability Scoring
Vulnerability Scoring
Requirements for vulnerability scoring
Vulnerability scoring using CVSS
CVSS calculator
Summary
19
Threat Modeling
Threat Modeling
What is threat modeling?
Benefits of threat modeling
Threat modeling terminology
How to model threats?
Threat modeling techniques
Threat modeling tools
Summary
20
Patching and Security Hardening
Patching and Security Hardening
Defining patching?
Patch enumeration
Security hardening and secure configuration reviews
Summary
21
Vulnerability Reporting and Metrics
Vulnerability Reporting and Metrics
Importance of reporting
Type of reports
Reporting tools
Collaborative vulnerability management with Faraday v2.6
Metrics
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Complexity

Today's network environments have a complex structure consisting of firewalls, DMZ, and network devices such as switches and routers. These devices consist of complex access lists and virtual network configurations, which makes it difficult to generalize any activity. A shift in any of the preceding configurations could result in a change of the architecture of the whole network.

If we are looking to perform an IP-based scan on any of the network components, we have to be sure that all the data packets generated are reaching the destination intact and are not being impacted by any of the devices or solutions in between. For example, if Alice is scanning Bob's computer over the network and both of them are separated by a firewall, where Bob's subnet is configured to be in WAN Ping Block Mode as a part of which ping packets will be identified and dropped at the firewall level, Alice's host discovery scans for Bob's computer will result in a false positive that machine is not live.

In order to perform a successful security profiling using a Network Vulnerability Scan, the following factors need to be considered:

  • Scope of the scan
  • Network architecture
  • Network access

Scope of the scan

If we are required to perform a vulnerability assessment for a specific application's infrastructure, it is very important to identify the data transmission sources and the components involved in the end-to-end communication. This will allow the penetration tester to perform the vulnerability scan on this scope and identify vulnerabilities specific to this application. Instead, if we choose to scan the subnets or a broader range of IP addresses, we might end up highlighting unnecessary vulnerabilities, which most of the time leads to confusion during the remediation phase. For example, if we are looking to audit a web-based application, we might be looking to include a web application, application server, web server, and database server as part of the audit scope.

Network architecture

It is always important to understand the placement of the IP address or the component on which we are performing vulnerability scanning. This will help us to customize our approach and to reduce false positives. For example, if Alice is trying to scan a web application hosted behind a web application firewall, she needs to customize the payloads or the scripts used to identify vulnerabilities using techniques such as encoding, to ensure that the payloads are not blocked by the web application firewall.

Network access

When tasked to perform Network Vulnerability Scans on a huge network, it is very important to know whether proper access has been provided to your appliance or host to perform the scanning activity. A network vulnerability scan performed without proper network access will yield incomplete results. It is always recommended to have the scanner appliance or host IP address to be whitelisted across the network devices to obtain full access to the scope of the scan.

Previous Section
End of Section 5
Next Section