Initial Assessment & Reconnaissance

The purpose of this activity is to review the tasks relevant to information security assessment testing, identify information security policies, procedures, controls, networks, servers, and workstations to be assessed, and validate the schedule.

A discussion session is then required with the client to:

  • Finalize the details of all individuals, systems, servers, applications, and network nodes to be assessed (including IP addresses, roles, and functions)
  • Identify key technical and management staff that fall within the scope of assessment
  • Gain valuable inputs to validate the project plan
  • Finalize the rules of engagement on the basis of the above

Publicly Accessible Information and Information Leakage

Attackers usually gather as much information as possible before starting an attack. This may include looking up WHOIS records, which may contain contact numbers and the names of responsible individuals. During this activity, we evaluate all exposures relating to publicly available information, misconfigured server information, or any other information that might have been shared unintentionally.

Footprinting

Footprinting is the process of collecting information about the target systems. Using various tools and methodologies, we determine the most likely ways in which an attack could be launched. This involves gathering as much information as possible without revealing the assessor's identity. We perform exhaustive fingerprinting of all systems in scope.

DNS Analysis and DNS Brute-forcing

The DNS service resolves domain names into IP addresses, and misconfigurations in it can create vulnerabilities. A domain may have multiple name servers; the secondary (slave) servers obtain their copy of the zone from the primary (master) server using DNS zone transfers. If a name server is not configured to restrict transfers to its secondaries, an attacker may request a zone transfer and receive the full zone, which contains a lot of information about the hosts in the domain. When zone transfers are not allowed, the next method is brute-forcing of subdomain names, which allows discovering subdomains and their corresponding IP addresses. Our team looks for all such misconfigurations.
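A defender-side check for the two DNS exposures described above, added here as an example and not part of the original page: it scans a constructed query/response log for zone-transfer requests from hosts other than the authorized secondaries, and for clients that receive enough NXDOMAIN answers under the zone to look like subdomain brute-forcing. The log format, IP addresses and the NXDOMAIN threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample log in a simplified "timestamp client qname qtype rcode"
# format (not real traffic); adapt parse_line() to your server's own log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.2 example.com AXFR NOERROR
2024-05-01T10:00:05 203.0.113.9 example.com AXFR NOERROR
2024-05-01T10:00:06 203.0.113.9 example.com IXFR REFUSED
2024-05-01T10:01:00 192.0.2.44 dev.example.com A NXDOMAIN
2024-05-01T10:01:00 192.0.2.44 vpn.example.com A NXDOMAIN
2024-05-01T10:01:01 192.0.2.44 mail.example.com A NOERROR
2024-05-01T10:01:01 192.0.2.44 test.example.com A NXDOMAIN
2024-05-01T10:01:02 192.0.2.44 staging.example.com A NXDOMAIN
2024-05-01T10:01:02 192.0.2.44 git.example.com A NXDOMAIN
2024-05-01T10:02:30 198.51.100.7 wwww.example.com A NXDOMAIN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<qname>\S+) (?P<qtype>[A-Z]+) (?P<rcode>[A-Z]+)$")

def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def audit_dns_log(text, zone, authorized_secondaries, nxdomain_threshold=5):
    """Flag zone-transfer requests from hosts other than the authorized secondaries,
    and clients whose NXDOMAIN count under the zone suggests subdomain brute-forcing."""
    transfers, nxdomain_by_client = [], Counter()
    suffix = "." + zone
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["qtype"] in ("AXFR", "IXFR") and rec["qname"] == zone:
            if rec["client"] not in authorized_secondaries:
                transfers.append((rec["client"], rec["qtype"], rec["rcode"]))
        elif rec["rcode"] == "NXDOMAIN" and rec["qname"].endswith(suffix):
            nxdomain_by_client[rec["client"]] += 1
    brute = {c: n for c, n in nxdomain_by_client.items() if n >= nxdomain_threshold}
    return {"unauthorized_transfers": transfers, "bruteforce_suspects": brute}

if __name__ == "__main__":
    report = audit_dns_log(SAMPLE_LOG, "example.com", {"198.51.100.2"})
    for client, qtype, rcode in report["unauthorized_transfers"]:
        # NOERROR here means the transfer was served: the whole zone was disclosed.
        print(f"{qtype} from unauthorized host {client}: {rcode}")
    for client, n in report["bruteforce_suspects"].items():
        print(f"{client}: {n} NXDOMAIN answers under example.com")
```

A transfer request that was REFUSED is still worth noting, since it shows who is probing for the misconfiguration; a served one means the zone has already leaked.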

Scanning

This technique involves looking for open ports and the services behind them. Stealth scans may be performed to discover these without raising alerts. Open ports provide a gateway through which intruders may gain access; proper firewall configuration and server hardening reduce the risk of compromise. We assess all such anomalies. The following services are included in this activity:

System Fingerprinting

In the scanning phase, running services may announce banners that reveal operating system details, which together provide a complete fingerprint of the system. Network scanners can easily accomplish this task.

Services Probing

On each discovered open port, services such as FTP, HTTP or SSH may be running. These services may disclose information such as their version numbers and running status. Known vulnerabilities may then be identified for these service versions, and brute-force attacks against their authentication may be attempted.