Introduction

Infrastructure penetration testing covers all internal computer systems, associated external devices, internet networking, cloud and virtualization testing. Whether a weakness is hidden on your internal business network or visible from an outside perspective, there is always a chance that an attacker can leverage it to damage your infrastructure.

A defense that is strong against application-layer attacks does not assure security at the network layer. Infrastructure penetration testing involves rigorous testing of the controls, frameworks and processes designed for the networks related to the system. It lays out procedures to penetrate the key networks of the system from multiple entry points at different levels, with the aim of identifying security weaknesses and mitigating them well before attackers find them.

Methodology

Automated

We identify the vulnerabilities present in the in-scope assets with the help of automated tools and eliminate the false positives. Ideally, such an assessment should be used for non-critical assets.

Manual

The analyst identifies every exploitable vulnerability with respect to the in-scope network assets. Through manual effort, we enumerate every open port and the services running on the assets within scope. We then test them for vulnerabilities depending on their level of exploitability and their availability in the environment they exist in. We verify and validate these vulnerabilities against the standard benchmark.

Types of Testing

Black Box

In a black-box assessment, the auditor has no internal knowledge of the target system. A Black Box security assessment determines the vulnerabilities in a system that are exploitable from outside the network. Black Box penetration testing will be performed on all publicly discoverable servers, network and security devices, etc.

Grey Box

In a gray-box assessment, the auditor typically has some knowledge of the internal network, potentially including design and architecture documentation and internal access to the assets. The purpose of a gray-box assessment is to provide a more efficient and focused security assessment of the in-scope network assets than a black-box assessment. This activity simulates an attacker with longer-term access to the in-scope network.

Security Controls

Each control group below lists its control group specifications, with a description of what is checked.

Access Control
  Authentication: Authentication is the process of verifying that an individual, entity or node is who it claims to be. In infrastructure, there are different types of authentication protocols in use, such as Kerberos.
  Authorization: An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for the transfer of authentication data between two entities.

Data Security
  Data at Rest: The controls in this group are checked against data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes.
  Data in Transit: The controls in this group are checked against data that is transmitted over a network, including internal networks using wired or wireless methods and public networks such as the Internet.
  User Input Handling: Vulnerabilities such as SQL injection, Cross-Site Scripting, insecure file upload, OS command injection, HTTP response splitting, etc., which fall under this group, are checked.

Risk Management
  Updates and Upgrades: The controls in this group are checked against asset specifications within the network, such as firmware version, OS patches, hotfixes, etc.

Log Management
  Logging and Monitoring: Logging controls evaluate the network for the information stored in client-side/server-side logs and for the logging methodology.

Configuration Management
  Misconfiguration: Controls in this group evaluate the network for its configuration, without which a network might end up disclosing internal/sensitive information.

System Security
  Password Management: The controls in this group are checked against the network's implementation of password management.

How It Works

Intelligence Gathering

Discovery

Fingerprinting

Open Ports & Services Enumeration

Vulnerability Analysis

Verification

Exploitation

Post Exploitation

What can be tested?

Servers

Network Devices

Firewalls

Load Balancers

Proxy

IDS/IPS

Customised deployments of your environment