Testing Scope, timeline, and support
At the beginning of the Network Security Testing process, the penetration tester establishes the scope of the network. Any open questions, such as which IPs are out of scope and which VPN credentials are provided for testing the network, are settled in this step.
Access to organization
There are different methods through which we can access the internal network of the organization:
Virtual Private Network (VPN): This allows us to connect to an organization over the internet using a secure, encrypted connection. Even though we are connected to the internal network over the VPN, there is a high chance that scan results are false positives, as the tester's IPs need to be whitelisted by the firewall.
Remote Desktop Protocol (RDP): This protocol allows us to connect to a remote desktop or server. Its main limitation is that only a certain number of users can be connected at a time.
Virtual Private Cloud (VPC): This is used for cloud platforms such as AWS, Azure, GCP, etc. It creates an isolated environment with controlled access, which is ideal for testing.
Secure Shell (SSH): This protocol gives us command-line access to a remote desktop or server over an encrypted channel and is considered ideal when testing with command-line tools such as nmap, Metasploit, etc.
Initial Scan
Once the scope is determined and agreed upon, we start initial scans using automated tools such as Nessus, Qualys, Rapid7, etc. These tools scan the entire scope and list the vulnerable IPs and ports, along with the vulnerable services running on them. In Vulnerability Assessment, automated testing is preferred over manual testing because the scope can range from a few computers to thousands of computers on a network. Automated testing ensures that every IP in the scope is scanned thoroughly.
Validation
Once we have the list of vulnerabilities reported by the automated scans, we validate them manually, as there is a chance that vulnerabilities reported by automated tools turn out to be false positives. Tools like nmap and Metasploit can be used to confirm whether each reported vulnerability is a true positive or a false positive. This process removes the false positives from the automated scan results, so that only valid vulnerabilities are reported. Evidence is also collected in this step so that true positives and false positives are clearly separated.
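As an added example of the validation step (this is not code from the original page or from any scanner vendor), the Python script below correlates an automated scanner's findings with the output of a follow-up nmap service scan. The scanner export format, its column names, the hosts and the nmap XML are all constructed sample data; the labelling rules are an assumed triage policy. A finding whose port is open and whose observed product matches the flagged one is marked confirmed; an open port running a different product is queued for manual checking; a closed port is a likely false positive; and a host that was down or filtered during validation is flagged for a recheck rather than dismissed, since that is exactly the symptom of the firewall whitelisting problem mentioned under VPN access.

```python
"""Triage automated-scanner findings against an nmap -sV service scan.

Added example, not part of the original page. SCANNER_EXPORT and NMAP_XML
are constructed sample data; the column names are assumptions, not a real
vendor export format.
"""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed scanner export (hypothetical column layout).
SCANNER_EXPORT = """host,port,protocol,finding,expected_product
10.0.0.5,22,tcp,Outdated OpenSSH,OpenSSH
10.0.0.5,80,tcp,Apache httpd outdated,Apache httpd
10.0.0.7,21,tcp,Anonymous FTP enabled,vsftpd
10.0.0.9,3389,tcp,RDP exposed,Microsoft Terminal Services
"""

# Constructed nmap -sV -oX output, trimmed to the elements the parser reads.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="closed"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap(xml_text):
    """Return {(host, proto, port): (state, product)} from nmap XML output."""
    observed = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        if host.find("status").get("state") != "up":
            continue  # host never answered, so no ports were observed
        for port in host.findall("ports/port"):
            key = (addr, port.get("protocol"), int(port.get("portid")))
            state = port.find("state").get("state")
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            observed[key] = (state, product)
    return observed


def parse_findings(csv_text):
    """Read the scanner export into a list of dicts, one per finding."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def triage(findings, observed):
    """Label each scanner finding using what the validation scan actually saw."""
    results = []
    for f in findings:
        key = (f["host"], f["protocol"], int(f["port"]))
        state, product = observed.get(key, ("unobserved", ""))
        if state == "open":
            if f["expected_product"].lower() in product.lower():
                label = "confirmed"            # service matches what was flagged
            else:
                label = "needs-manual-check"   # port open, different product
        elif state == "closed":
            label = "likely-false-positive"    # port reachable but closed
        else:
            label = "unreachable-recheck"      # filtered/down: verify access first
        results.append({**f, "observed_state": state,
                        "observed_product": product, "label": label})
    return results


def triage_report(csv_text=SCANNER_EXPORT, xml_text=NMAP_XML):
    """Run the full correlation on the constructed sample data."""
    return triage(parse_findings(csv_text), parse_nmap(xml_text))


if __name__ == "__main__":
    for r in triage_report():
        print(f"{r['host']}:{r['port']} {r['finding']!r} -> {r['label']} "
              f"({r['observed_state']} {r['observed_product']})")
```

The "unreachable-recheck" bucket is deliberate: a finding that cannot be reproduced because the host is filtered from the tester's vantage point is an access problem to resolve with the client, not evidence that the scanner was wrong. In practice the nmap XML would come from `nmap -sV -oX out.xml <targets>` run against the agreed scope.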
Internal quality review
Before the report of findings is written, an internal quality review is conducted. This step ensures that the test results are accurate and complete and that they follow a consistent methodology.
Reporting
Based on the internal quality review, a report is prepared. This report includes a detailed explanation of the identified vulnerabilities, their potential impact, and recommendations for remediation. It is comprehensive and includes all the information the product team needs to understand the security issues and how to resolve them.