Network Penetration testing determines vulnerabilities on the network posture by discovering Open ports,Live systems, services and grabbing system banners.
The pen-testing helps administrator to close unused ports, additional services, Hide or Customize banners, Trouble shooting services and to calibrate firewall rules.
Let’s see how can we conduct step by step network penetration testing.
STEP-1: Host Discovery:
The first step of network penetration testing is to detect live hosts on the target network.
We can detect live hosts, accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, NESSUS.
STEP-2: Port Scanning:
Perform port scanning using tools such as Nmap, Hping3, Netscan tools, Network monitor. These tools help us to probe a server or host on the target network for open ports.
Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.
STEP-3: Banner Grabbing or OS Fingerprinting:
Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, NMAP determines the operating system of the target host and the operating system.Once you know the version and operating system of target, we need to find the vulnerabilities and exploit.Try to gain control over the system.
STEP-4: Scan for Vulnerabilities:
Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS. These tools help us in finding vulnerabilities with the target system and operating systems.
STEP5: Draw Network Diagrams
Draw a network diagram about the organisation that helps you to understand logical connection path to the target host in network.The network diagram can be drawn by LANmanager, LANstate, Friendly pinger.
STEP6:Prepare Proxies
Prepare proxies such as Proxifier,SSL Proxy, Proxy Finder..etc, to hide our-self from being caught.
STEP7: Document all Findings
The last and the very important step is to document all the Findings from Penetration testing. This document will help you in finding potential vulnerabilities in your network. Once you determine the Vulnerabilities you can plan counteractions accordingly.
No comments:
Post a Comment