- Discovery (Mapping) - Identify the list of live nodes in the network
- Asset Prioritization (Allocation) - Classify assets based on criticality to business
- Assessment / Services Scan
  - Identify common UDP services running on the hosts and all listening TCP ports
  - Identify the services and operating systems found running, and their versions
  - Identify vulnerabilities in the services enumerated during the above steps
- Reporting - Report the loopholes in the infrastructure along with recommendations to plug them
- Remediation (Fixing loopholes) - Address the vulnerabilities identified based on the recommendations
- Re-Testing - Repeat Activities 1 to 5 and conduct a full re-scan on a quarterly/bi-annual basis
2. Network Security
Network penetration testing services provided by highly qualified and skilled security experts help enterprises secure their networks. Examining the security posture of assets is the main goal of the Network Security Program.
DeTaSECURE will conduct an external attack and penetration review exercise targeting the department's internet-accessible IP address. The testing is non-intrusive and non-destructive, and is conducted from the perspective of an unauthorised user connected to the internet, with the goal of accessing information that is only available to authorised users and/or gaining privileged access to the infrastructure.
Vulnerability Assessment Approach
Penetration Testing Approach
- Information Gathering
  - Identify IP range information
  - Backend database and OS details
  - Open ports, active services and versions
- Network Mapping
  - Enumerate network
  - DNS enumeration
  - Identify different network segments
  - Perform "footprint analysis" of the network
- Vulnerability Scanning
  - Perform vulnerability scanning using DeTaSECURE proprietary and commercial tools
  - Validate identified vulnerabilities
- Exploitation
  - Reviewing existence of any backdoor entries
  - Reviewing existence of any known vulnerabilities & CVEs
  - Gaining access to the target machine
  - Removing false-positive vulnerabilities from VA data
  - Recreating the attacks and confirming them by collecting evidence and PoCs
- Reporting
  - Building security trackers and dashboards
  - Sharing reports
  - Report identified vulnerabilities / security flaws / weaknesses in infrastructure components along with the possible impact, root cause and remediation process. For each identified weakness, a risk rating would be assigned primarily based on the probable business impact and significance of occurrence. All tests would be done with prior approval from the organization.