Chapter 14. Example Assessment Methodology
In this final chapter, I walk through a remote security assessment of a small network protected by a firewall. By reading through this process from start to finish, you will gain a good understanding of the overall approach. The exercise identifies, attacks, and penetrates systems in a class C network space from my launch system on a remote network.
Network Scanning
Increasingly, network scanning is becoming a cyclic process, primarily due to the finite amount of time you have to perform a network security assessment exercise and the fact that most firewalls repel fast SYN port scans.
The best practice approach to network scanning is to undertake the following:
Initial network scanning to identify poorly protected hosts and common services
Full scanning to identify all remotely accessible TCP and UDP services
Low-level network testing to gain insight into firewall and host configuration
In this section I perform these tests against the target 192.168.10.0/24 network. By coming up against the hurdles placed in my way by firewalls and defensive mechanisms, you will see how my approach is applied to get accurate results.
Initial Network Scanning
In Example 14-1, I use nmap with the -sP option to perform an initial sweep of the target network and identify any obvious accessible hosts that are poorly protected. If I don’t specify the -PI option, nmap also sends TCP probes to port 80 of each host in the target range.
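The initial sweep is only useful if its result feeds the full-scanning phase and, on the defensive side, an inventory that can be reconciled against the expected host list. The script below is an added example, not code from the book: it builds the -sP sweep command in the two modes described above (ICMP-only with -PI, or ICMP plus a TCP probe to port 80 without it) and extracts the responding hosts from nmap output. The nmap output embedded in it is constructed sample data in the classic "Host ... appears to be up." format and the later "Nmap scan report for ..." format, so the parser goes slightly beyond the single run the chapter shows.

```python
import ipaddress
import re
from typing import List, Optional

# Constructed sample output (not from the book): classic nmap format for a
# ping sweep of the 192.168.10.0/24 target network.
CLASSIC_SWEEP_OUTPUT = """\
Starting nmap ( www.insecure.org/nmap/ )
Host 192.168.10.1 appears to be up.
Host 192.168.10.10 appears to be up.
Host gw.example.test (192.168.10.25) appears to be up.
Nmap run completed -- 256 IP addresses (3 hosts up) scanned in 21.445 seconds
"""

# Constructed sample in the newer normal-output format for the same sweep.
MODERN_SWEEP_OUTPUT = """\
Starting Nmap ( https://nmap.org )
Nmap scan report for 192.168.10.1
Host is up (0.0012s latency).
Nmap scan report for gw.example.test (192.168.10.25)
Host is up (0.0040s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 5.12 seconds
"""

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_CLASSIC = re.compile(r"^Host (?:\S+ \()?" + _IP + r"\)? appears to be up\.")
_MODERN = re.compile(r"^Nmap scan report for (?:\S+ \()?" + _IP + r"\)?$")


def sweep_command(target: str, icmp_only: bool) -> List[str]:
    """Build the -sP sweep from the text. -PI restricts nmap to ICMP echo
    probes; without it nmap also sends a TCP probe to port 80 per host."""
    cmd = ["nmap", "-sP", target]
    if icmp_only:
        cmd.insert(2, "-PI")
    return cmd


def responding_hosts(output: str, target: str) -> List[str]:
    """Return hosts nmap reported as up, restricted to the target range and
    sorted numerically, ready for the full TCP/UDP scanning phase."""
    net = ipaddress.ip_network(target, strict=False)
    found = set()
    pending: Optional[str] = None  # address awaiting a "Host is up" line
    for line in output.splitlines():
        if (m := _CLASSIC.match(line)):
            pending, addr = None, m.group(1)
        elif (m := _MODERN.match(line)):
            pending, addr = m.group(1), None  # modern format confirms on next line
        elif pending and line.startswith("Host is up"):
            pending, addr = None, pending
        else:
            pending, addr = None, None
        if addr and ipaddress.ip_address(addr) in net:
            found.add(ipaddress.ip_address(addr))
    return [str(a) for a in sorted(found)]
```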