Abstract
Information technology presents various benefits to business organizations, from speed to simplified methods of achieving complex business goals. The advantages and benefits presented to an organization have led to its widespread application in numerous business processes across the globe. Similar to any other technology, the application of information technology in business processes exposes the organization to new aspects of threats and attacks in equal measure. Information technology has been widely employed in business for e-commerce purposes, online advertising and customer outreach through business websites and applications. The presence of old and new threats places organization security in an awkward position. It is imperative for network administrators to adopt new methods and techniques of ensuring the security of the organization's network and systems in equal measure.
Introduction
Instead of employing corrective measures after an organization has suffered from an attack, network administrators should employ preventive as well as adaptive measures so as to effectively address possible network issues and attacks. Network penetration testing has become widespread over the last few years since it is an effective tool for detecting and preventing possible network attacks. Network penetration testing is a technique used to identify and address security loopholes existing in a network system before they are exploited by attackers to compromise the security of the network. It is the act of assessing the security of a network system with the intention of identifying and rectifying available exploit spots and vulnerabilities in an organization’s network (Gupta, 2013).
These vulnerabilities and loopholes can be exploited by malicious attackers to gain unauthorized access to the organization’s vital resources and data. Network penetration testing can be described as an authorized endeavor to safely examine the security of a network system, including all its components. Network penetration testing helps in the mitigation of potential threats and attacks by identifying and correcting loopholes and vulnerabilities present in the network.
Penetration testing
The case presented exhibits various network security flaws that present vulnerabilities and potential points of attack for malicious attackers. The conditions described for the organization in the case presented can be used to perform network penetration testing on their system. The following tests can be conducted with the aim of identifying vulnerabilities.
Firewall testing
The use of a firewall protects the organization’s network system from access by unauthorized and malicious connections. To guarantee the security of an organization’s network and information technology system, it is imperative to ensure that the installed firewall is efficient in detecting unrecognized connections and possible intrusion attempts. Conducting a penetration test on the firewall helps determine the loopholes and flaws present in the firewall (Engebretson, 2013). The test evaluates the weaknesses and strengths of the firewall in detecting and preventing possible attacks from the outside environment. Most network attacks start by gathering information on the system pertinent to the attack. Information about the system is the basic tool hackers require to bypass the security of an organization. The function of a firewall is to provide basic security against such attempts to collect information regarding the system.
Expected results
A penetration test on the firewall tests its ability to secure the network by filtering incoming traffic. The strength of the firewall determines whether it divulges sensitive information regarding the system used by the organization. A test on the firewall will determine if the firewall is weak or strong (Engebretson, 2013). If the test can return basic system information used by the organization, like open ports, workstations, operating systems and the version of the servers used, then the firewall is weak. The firewall configured in the organization is not stateful; as a consequence, it is expected to release system information.
Software tools for tests
There are various software tools applied in testing the strengths, weaknesses, and configuration of the firewall. Nmap is one of the most effective tools to perform a firewall test. It examines the network protocols for both Unix and Windows systems with the aim of determining the strengths and weak points of the installed firewall. Nmap is open source and can be scripted for different penetration testing needs. It comes with various features such as UDP and TCP scanning. Additional tools for firewall testing are Nping, Ncat and Ndiff.
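The weak/strong criterion described under "Expected results" can be applied mechanically to the XML report Nmap writes with its -oX option. The following Python sketch is an added example, not part of the original essay; the sample report, host addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format; hosts and versions are made up.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="Microsoft IIS httpd" version="5.1"/></port>
<port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="25"><state state="filtered"/><service name="smtp"/></port>
</ports>
<os><osmatch name="Microsoft Windows XP SP2" accuracy="96"/></os></host>
<host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="443"><state state="filtered"/></port></ports></host>
</nmaprun>"""

def leaked_info(xml_text):
    """Map each live host to the details the scan recovered through the firewall."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        open_ports, versions = [], []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports reveal no service details
            label = f"{port.get('portid')}/{port.get('protocol')}"
            open_ports.append(label)
            svc = port.find("service")
            if svc is not None and svc.get("product"):
                versions.append(f"{label} {svc.get('product')} {svc.get('version', '')}".strip())
        os_guess = [m.get("name") for m in host.iter("osmatch")]
        report[addr] = {"open_ports": open_ports, "versions": versions, "os": os_guess}
    return report

def firewall_verdict(report):
    """'weak' if any host reveals open ports, server versions or an OS guess."""
    leaks = any(any(findings.values()) for findings in report.values())
    return "weak" if leaks else "strong"

if __name__ == "__main__":
    result = leaked_info(SAMPLE_XML)
    for addr, findings in result.items():
        print(addr, findings)
    print("firewall:", firewall_verdict(result))
```

Running the same check before and after a firewall rule change shows whether the change actually reduced what an outside scan can learn.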
LAN testing
All the departments of the organization are connected using the same local area network. Both the IT and finance departments deal with sensitive and personal information; they should be operating on a different network from the remaining departments of the organization. Attackers may use this network to gain sensitive network information through social engineering of vulnerable employees like the receptionist. The two departments are connected to the front desk computers as well. This presents a critical threat to the information and data contained in these two sensitive departments (Gupta, 2013).
LAN testing will reveal hidden SSIDs embedded within the local area network of the organization. An SSID can be exploited by malicious attackers to gain access to unauthorized data and information through the local area network. Passive and active techniques alike are used to detect and eliminate hidden SSIDs within a local area network. LAN testing aims at testing the range and operating frequency through monitoring of network connections as well as packets. A packet analyzer is used to analyze the content of the packets sent and received through the network. The test attempts to compromise the security of the network system through MAC address filtering. This test uses such tools as Wireshark, network packet analyzer and Backtrack 5 (airwing, aircon-ng, and air dump).
Testing system components (Servers and Workstations)
The process of penetration testing usually mimics possible actions conducted by malicious attackers so as to gain access to the network system. In most cases, the first step involves acquiring information about the target system such as the workstations, the operating system and the application software installed in the system. Similarly, penetration testing aimed at testing possible loopholes and vulnerabilities will test the network components for existing and possible loopholes that might be exploited by malicious attackers to gain access to the network.
The operating systems installed on the workstations present vulnerabilities which can be exploited by malicious attackers (Engebretson, 2013). The systems run on Windows 98 and Windows XP. These operating systems are known to have numerous security flaws and vulnerabilities that hackers can easily exploit to access the network. Active Directory, which contains sensitive information, is operated on a less secure platform (Gupta, 2013). Instead of using the LM platform for Active Directory, NTLM should be employed, given that it exhibits more advanced security. Testing on this system can be attained through the administration of a malicious Trojan, such as a keylogger, to collect data typed in at the workstations. It is capable of collecting login credentials which can be further used to exploit the system.
Exploiting or testing these components returns sensitive information such as passwords and user names through the application of simple tools such as the command line (CMD), Cain and Abel, and Metasploit. These tools are used to exploit the flaws existing in Windows XP and 98. The keylogger reports the collected information back to the attacker via mail. The logs may contain sensitive information such as login credentials (username and password) as well as other personal information entered into the workstations.
Network Diagram
Figure 1: Network diagram showing the connection of the entire network system
Legal requirement and ethical concerns
Before a network expert, who has been hired to perform network penetration testing, is allowed to test an organization’s network system, there are requirements that must be addressed.
Legal authority; it is imperative for the network expert to have a clearly written and signed authorization by the management that indicates that he has been authorized to perform network penetration testing in the organization's network and system.
The scope of work; the process of penetration testing should outline the areas which will be tested in addition to the type of tests that will be performed. Also, it should outline what is entailed within the scope of the test. It shows the activities that will be done and those that will not be performed on the system. Additional legal requirements that must be adhered to during the process of penetration testing include: professionalism, indemnification, privacy issues, certification and licensing (Engebretson, 2013).
Recommendations
The system presented in the case study has various flaws and security loopholes that attackers can exploit so as to compromise the security of the network and system. It is crucial to employ and practice some preventive and corrective measures and practices. The application and practice of these measures will aid the organization in thwarting and mitigating the negative impacts associated with possible network attacks and exploitation. The first corrective and preventive measure that should be applied involves enhancing the configuration of the firewall.
Also, additional applications can be installed so as to augment the functions provided by the current firewall. It is important to constantly update and properly configure the existing firewall so as to enhance the security of the network against external threats. It should be set up in a way that it identifies and rejects connection requests from suspicious and unidentified sources.
It is imperative to correct the vulnerabilities identified in the existing local area network. It should adopt the use of an effective authentication process. It is also recommended to use secure encryption tools so as to secure the data transported and communicated using the local area network. Encryption ensures that the integrity of data is not compromised in case malicious attackers intercept the information. The whole network and its hardware should meet all the necessary software specifications and should constantly be updated so as to apply security patches. The stations should be configured with the current and more secure Linux or Windows 7 and antivirus software.
References
Gupta, R. G. (2013). Securing Networks Using Network Penetration Testing.
Engebretson, P. (2013). The basics of hacking and penetration testing: ethical hacking and penetration testing made easy. Elsevier.
Lyon, G. F. (2009). Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure