Penetration Testing/Social Engineering
Penetration Testing
A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. The analysis is carried out from the position of a potential attacker, and involves active exploitation of security vulnerabilities. During penetration testing, NWN will perform the following:
(1) Scan or test for live systems
(2) Identify any “listening” or active services
(3) Test for vulnerabilities
(4) Attempt to exploit any vulnerabilities identified
(5) If access is accomplished:
- Attempt, as necessary, to elevate privileges
- Evaluate the compromised system to determine its role and/or risk profile
- Use access to scan or test for additional live systems
This process is repeated throughout the testing so that NWN can determine the extent to which the target environment is vulnerable. Any security issues that are found will be presented together with an assessment of their impact. Because penetration testing identifies and then exploits vulnerabilities, its findings are not subject to “false positive” results.
When targeting infrastructure systems and devices, NWN will use tools and techniques common to “hackers” to identify and exploit vulnerabilities, then use any access gained to (1) identify sensitive data on the target and (2) identify additional targets.
The assessment begins with a reconnaissance phase during which NWN searches publicly available sources of information (e.g. the target web site, Google, whois lookups, ARIN searches, etc.) to collect as much information about the target environment as possible. NWN then uses this information to focus the subsequent testing.
After sufficient reconnaissance has been completed, the vulnerability identification phase begins. During this phase of testing, NWN will seek to identify vulnerable systems. Common techniques and tools used during the vulnerability identification phase of penetration testing include Ping Sweeps, Port Scanning, Enumeration & Banner Grabbing, Vulnerability Scanning and Password Cracking.
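The ping sweeps and port scans named above are also the part of a test that a Client's own monitoring should be expected to notice. The following is an added example, not NWN's tooling or anything from this proposal, of the detection logic a defender would run over firewall logs to surface that activity: one source touching many ports on one host (a vertical scan) or one port across many hosts (a sweep) inside a short window. The log format, thresholds and sample lines are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample firewall log lines (hypothetical format, not from any real device).
# 10.0.0.5 probes ten ports on one host (vertical scan), 10.0.0.9 probes one port
# on twelve hosts (horizontal sweep), 10.0.0.7 is ordinary repeated HTTPS traffic.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z DENY src=10.0.0.5 dst=10.0.1.20 dport=21 proto=tcp
2024-03-01T10:00:01Z DENY src=10.0.0.5 dst=10.0.1.20 dport=22 proto=tcp
2024-03-01T10:00:02Z DENY src=10.0.0.5 dst=10.0.1.20 dport=23 proto=tcp
2024-03-01T10:00:02Z DENY src=10.0.0.5 dst=10.0.1.20 dport=25 proto=tcp
2024-03-01T10:00:03Z DENY src=10.0.0.5 dst=10.0.1.20 dport=80 proto=tcp
2024-03-01T10:00:03Z DENY src=10.0.0.5 dst=10.0.1.20 dport=110 proto=tcp
2024-03-01T10:00:04Z DENY src=10.0.0.5 dst=10.0.1.20 dport=135 proto=tcp
2024-03-01T10:00:04Z DENY src=10.0.0.5 dst=10.0.1.20 dport=139 proto=tcp
2024-03-01T10:00:05Z ALLOW src=10.0.0.5 dst=10.0.1.20 dport=443 proto=tcp
2024-03-01T10:00:05Z DENY src=10.0.0.5 dst=10.0.1.20 dport=445 proto=tcp
2024-03-01T10:00:10Z ALLOW src=10.0.0.7 dst=10.0.1.20 dport=443 proto=tcp
2024-03-01T10:00:11Z ALLOW src=10.0.0.7 dst=10.0.1.20 dport=443 proto=tcp
2024-03-01T10:01:00Z DENY src=10.0.0.9 dst=10.0.1.1 dport=445 proto=tcp
2024-03-01T10:01:00Z DENY src=10.0.0.9 dst=10.0.1.2 dport=445 proto=tcp
2024-03-01T10:01:01Z DENY src=10.0.0.9 dst=10.0.1.3 dport=445 proto=tcp
2024-03-01T10:01:01Z DENY src=10.0.0.9 dst=10.0.1.4 dport=445 proto=tcp
2024-03-01T10:01:02Z DENY src=10.0.0.9 dst=10.0.1.5 dport=445 proto=tcp
2024-03-01T10:01:02Z DENY src=10.0.0.9 dst=10.0.1.6 dport=445 proto=tcp
2024-03-01T10:01:03Z DENY src=10.0.0.9 dst=10.0.1.7 dport=445 proto=tcp
2024-03-01T10:01:03Z DENY src=10.0.0.9 dst=10.0.1.8 dport=445 proto=tcp
2024-03-01T10:01:04Z DENY src=10.0.0.9 dst=10.0.1.9 dport=445 proto=tcp
2024-03-01T10:01:04Z DENY src=10.0.0.9 dst=10.0.1.10 dport=445 proto=tcp
2024-03-01T10:01:05Z DENY src=10.0.0.9 dst=10.0.1.11 dport=445 proto=tcp
2024-03-01T10:01:05Z DENY src=10.0.0.9 dst=10.0.1.12 dport=445 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["dport"] = int(ev["dport"])
    return ev


def detect_scans(lines, window_seconds=60, port_threshold=10, host_threshold=10):
    """Return one alert per (source, target) pair that crosses a threshold inside the window."""
    by_src = defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        by_src[ev["src"]].append(ev)
    window = timedelta(seconds=window_seconds)
    alerts, reported = [], set()
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, cur in enumerate(events):
            # Events from this source inside the window that ends at the current event.
            recent = [e for e in events[: i + 1] if cur["ts"] - e["ts"] <= window]
            ports_by_host, hosts_by_port = defaultdict(set), defaultdict(set)
            for e in recent:
                ports_by_host[e["dst"]].add(e["dport"])
                hosts_by_port[e["dport"]].add(e["dst"])
            for dst, ports in ports_by_host.items():
                key = ("port_scan", src, dst)
                if len(ports) >= port_threshold and key not in reported:
                    reported.add(key)
                    alerts.append({"type": "port_scan", "src": src, "target": dst,
                                   "distinct": len(ports), "at": cur["ts"].isoformat()})
            for port, hosts in hosts_by_port.items():
                key = ("host_sweep", src, port)
                if len(hosts) >= host_threshold and key not in reported:
                    reported.add(key)
                    alerts.append({"type": "host_sweep", "src": src, "target": f"tcp/{port}",
                                   "distinct": len(hosts), "at": cur["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG.splitlines()):
        print(alert)
```

The detector counts distinct targets rather than raw connection attempts, which is why the two repeated HTTPS connections from 10.0.0.7 never alert while ten probes against ten different ports do. The thresholds are deliberately low for the sample; in production they are tuned against the environment's normal traffic, and DENY-only counting is a common refinement that cuts noise from legitimate multi-port clients.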
NWN will then attempt to exploit vulnerabilities and gain access to target systems or devices. This access will then be used to attempt to identify additional targets. The specific process followed will be determined by the specifics of the target environment and by the results of individual techniques. This process will continue until all avenues for further compromise have been exhausted or the time limits of the testing have been exceeded.
Penetration testing can be conducted from an internal and/or external perspective. In addition, various methods can be used by penetration testers including attempts at compromising wireless networks, and physical compromise. The following will be included as part of this project:
- Internal – Penetration testing will be performed from the perspective of an insider (e.g. a disgruntled but authorized user, or an unauthorized attacker who has managed to gain access to an internal system).
- External – Penetration testing will be performed from the perspective of an external attacker who has no access to internal resources. The majority of this testing will be performed via the Internet.
- Wireless – NWN will attempt to gain access to the Client environment via the use of wireless technologies. This may include gaining access to a wireless network, exceeding the permissions or bypassing controls of a wireless network to which NWN has access, etc.
- Physical – NWN will attempt to gain access to the Client facility. Once access has been gained, NWN will utilize that access to connect to the Client’s network, access Client computers or install back-door access.
- Web Applications – NWN will attempt to gain access to sensitive data or systems by exploiting vulnerabilities found in Client web applications. This is not intended to be comprehensive web application security testing but rather includes web applications in the set of approaches used by NWN during the performance of penetration testing.
Social engineering
Social engineering is a process by which an attacker attempts to convince or trick target personnel into divulging sensitive information or granting the attacker otherwise unauthorized access, and it is one of the most effective and successful ways to compromise a target environment. As such, social engineering should be considered as part of any penetration testing initiative.
NWN will perform social engineering of Client personnel to determine the likelihood that an attacker would be able to compromise the Client’s environment or gain access to sensitive information using these techniques. This social engineering may include:
- Phone calls to Client personnel
- Emails sent to Client personnel
- On-site visits and face-to-face conversations with Client personnel
When targeting end users, NWN will utilize these social engineering techniques to entice end users into providing NWN with access to their computer. This is often done by getting the user to execute a program, enter a URL or click on a provided link. If successful, these actions can provide NWN with access to the target device.
There are a number of options for collecting targets for social engineering attempts, including “Google Hacking”, public database searches, social networking sites, direct contact with Client personnel (e.g. receptionists), etc. In addition, the Client may provide NWN with a list of targets of particular concern. If the Client does not provide a list of social engineering targets, NWN will provide the primary Client contact with a list of potential social engineering targets discovered during its data collection. The Client will, at that time, have the option of including or excluding targets as its needs dictate.