You've done it; your first enterprise network penetration test is now complete. The only problem is that you have what seems like a mountain of vulnerability information, but don't know how to not only parse it to identify the truly relevant weaknesses you've uncovered, but also use that information to strengthen network defenses.
While the thought of starting a network penetration test analysis may make your head spin, in this tip we'll detail a step-by-step process for analyzing and acting on penetration test results data.
During the network penetration testing design process, there are boundaries that need to be laid out to prevent scope creep, namely which devices, services and networks will be tested and which won't; this scope will depend on the objectives of the test. Be sure to document and save this plan, as after the test it will serve as your framework of what the results should (and shouldn't) encompass.
For instance, say your scope included all routers and switches within the organization and the task was to check for any vulnerability that could be associated with those devices. In the process of your scan, the data shows a Windows box that has a vulnerable FTP server on it. While the vulnerable service poses a risk, spending time evaluating a device that is out of scope can impact your penetration test analysis timeline. Such a discovery may be indicative of a minor privilege access management issue or a more serious breach, but either way, simply report the oddity informally and store the information collected.
If time and requirements allow for it, the data can be used in an addendum to your report, presenting a high-level overview of out-of-scope vulnerabilities discovered that need further review. Either way, never destroy results that could be pertinent, but not directly part of the deliverable until given the go ahead.
Read this full article at SearchSecurity
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
