Back to Blog
Gfi Languard Vs Nessus5/10/2021
Port scans should include number of individual tests, including.
Gfi Languard Vs Nessus Full Disclosure OfThis test may be performed with non-or full disclosure of the environment in question.The test typically begins with publicly accessible information about the client, followed by network enumeration, targeting the companys externally visible servers or devices, such as the domain name server (DNS), e-mail server, Web server or firewall.This test mimics an attack on the internal network by a disgruntled employee or an authorized visitor having standard access privileges.The focus is to understand what could happen if the network perimeter were successfully penetrated or what an authorized user could do to penetrate specific information resources within the organizations network. The techniques employed are similar in both types of testing although the results can vary greatly. Just like a real hacking attempt, the testing team is provided with only limited or no information concerning the organization, prior to conducting the test. The penetration testing team uses publicly available information (such as corporate Web site, domain name registry, Internet discussion board, USENET and other places of information) to gather information about the target and conduct its penetration tests. Though blind testing can provide a lot of information about the organization (so called inside information) that may have been otherwise unknown -- for example, a blind penetration may uncover such issues as additional Internet access points, directly connected networks, publicly available confidentialproprietary information, etc. But it is more time consuming and expensive because of the effort required by the testing team to research the target. In this exercise, the organizations IT and security staff are not notified or informed beforehand and are blind to the planned testing activities. Double-blind testing is an important component of testing, as it can test the organizations security monitoring and incident identification, escalation and response procedures. As clear from the objective of this test, only a few people within the organization are made aware of the testing. Normally its only the project manager who carefully watches the whole exercise to ensure that the testing procedures and the organizations incident response procedures can be terminated when the objectives of the test have been achieved. ![]() A targeted testing approach may be more efficient and cost-effective when the objective of the test is focused more on the technical setting, or on the design of the network, than on the organizations incident response and other operational procedures. Unlike blind testing, a targeted test can be executed in less time and effort, the only difference being that it may not provide as complete a picture of an organizations security vulnerabilities and response capabilities. The data is collected and discoveries are highlighted to the organization. This helps identify whether organizations confidential information has been leaked or whether an electronic conversation involving them has taken place. This enables an organization to take necessary measures to ensure confidentiality and integrity. Network mapping is used to create a picture of the configuration of the network being tested. A network diagram can be created which infers the logical locations and IP addresses of routers, firewalls, Web servers and other border devices. Additionally, this examination can assist in identifying or fingerprinting operating systems. A combination of results from passive research and tools such as ping, traceroute and nmap, can help create a reasonably accurate network map. This technique is aimed at identifying the type of services available on the target machine. The scan result reveals important information such as function of a computer (whether it is a Web server, mail server etc) as well as revealing ports that may be serious security risks such as telnet.
0 Comments
Read More
Leave a Reply. |