Ruchi-SO523
Network VAPT
1
�What Is Network VAPT
Vulnerability assessment and penetration testing are ways to find and fix weaknesses
in a network or system. This helps prevent unauthorized access and attacks. For example,
routers, switches, and firewalls are checked to make sure they are secure. By strengthening
these basic security layers, it becomes harder for attackers to get to the more sensitive parts of
the system. Penetration testing also helps uncover any unauthorized access to sensitive
information. Once organizations know where their vulnerabilities are, they can take action to
protect their networks better.
There are two components of VAPT services -
Vulnerability Assessment - Vulnerability Assessment is like checking a building for
potential weak spots before it's occupied. You look for any cracks, faulty wiring, or
security gaps that might be dangerous. This process involves scanning and examining
everything to find these issues and make a list of them.
Penetration Testing - Penetration Testing is like hiring a team of experts to break into
that building to see how secure it really is. They try to exploit the weak spots found
during the assessment to see how serious the risks are and if they can actually gain
access. This test helps to understand how well the security measures work in real-life
scenarios.
Network VAPT Process:
Data Collection: Various software and tools are used to gather information about the
network to find potential weak spots.
Initial Assessment: Based on the collected data, the network is examined for
weaknesses. Test attacks are launched to identify possible entry points for hackers.
Professional Testing: Expert testers use special methods to launch attacks on the
systems to see how vulnerable they are.
Response Analysis: After multiple attacks, the system's responses are analyzed. Both
static (how it stands) and dynamic (how it behaves under attack) analyses are done to
understand its reactions.
2
� Reporting: Detailed reports are created to highlight the findings and suggest actions to
fix any issues found
Types of Network VAPT:
Internal Testing: This involves checking for vulnerabilities within the organization's
internal network. It includes testing things like internal servers, firewalls, and data
components such as database and file servers to ensure they are secure.
External Testing: This involves testing the network from outside the organization's
premises. It looks at all external factors that could affect the network's security to see
how vulnerable the network is to outside attacks.
Network VAPT Benefits:
Network VAPT helps you understand the physical setup and design of your IT
infrastructure. It provides detailed information about weak spots and vulnerabilities so that
experts can fix them before someone can hack into the system or steal data. Network
penetration testing is complicated and depends on the size of the network. It checks for flaws
at the network level, misconfigurations, wireless network vulnerabilities, product-specific
issues, weak protocols, and passwords. Regular audits ensure that everything is secure. By
identifying and exploiting vulnerabilities, network penetration testing helps prevent threats
before they happen, rather than just reacting after an incident.
Benefits of network VAPT in cyber security -
Identify Network Configuration Issues -
Network Vulnerability Assessment and Penetration Testing (VAPT) helps find and fix weak
spots in a network's setup. Think of it like a security check for your home. Sometimes, the
locks (firewalls) might not be set up correctly, or maybe you left a window open (default
3
�settings), making it easy for intruders (hackers) to get in. VAPT helps spot these problems so
you can fix them and make your network safer.
Detect Unauthorized Devices -
Vulnerability Assessment and Penetration Testing (VAPT) checks your network to find any
devices that shouldn't be there. It's like making sure no strangers are hiding in your house. If a
bad guy connects their device to your network, VAPT will spot it, helping you keep your
sensitive information safe.
Check Firewall Protocols -
A firewall acts like a security guard for your network, letting good data in and keeping bad data
out. VAPT tests how well this security guard is doing its job. It checks the firewall's settings
and pretends to be an attacker to see if the firewall can stop them. This helps make sure your
firewall is strong and working correctly.
Identify Vulnerable Network Services -
Vulnerability Assessment and Penetration Testing (VAPT) helps find weak spots in the
programs and services running on your network devices. It's like checking if your software
needs an update. If a program is outdated, hackers might know how to break into it. VAPT
shows you which ones need updating or turning off to keep your network safe.
Strengthen Remote Access Security -
With more people working from home, it's important to make sure remote access to your
network is secure. VAPT checks how safe your VPNs and other remote access tools are. It
looks for weak spots or outdated security features to make sure hackers can't easily eavesdrop
on or steal data from remote connections.
4
� Protection Against DoS Attacks -
A Denial of Service (DoS) attack is like someone flooding a store with too many customers so
that real shoppers can’t get in. VAPT checks your network to find weak spots that could let
someone do this kind of attack. It looks for issues like not having enough bandwidth or poorly
set-up network settings, helping you fix them so your network stays open and running
smoothly.
Ensure Compliance -
Many industries have rules to make sure companies keep sensitive data safe, like PCI DSS for
payment information or HIPAA for health data. VAPT helps companies follow these rules by
checking their network and security systems. If a company doesn't follow these regulations, it
could face fines or legal trouble. VAPT ensures everything is tested and up to standard so
companies stay compliant and avoid problems.
Enhance Network Monitoring
After a VAPT, the report helps improve how you watch over your network. It finds gaps in your
current monitoring setup and suggests better ways to keep an eye on things. With improved
monitoring, you'll catch and respond to any suspicious or unusual activity faster, keeping your
network safer.
Build Customer Trust -
When your network is secure, customers feel safe knowing their data is protected. VAPT helps
find and fix any security issues that could lead to data breaches. By showing that you take data
safety seriously, you build trust with your customers, making them more likely to stay loyal
and attract new ones.
What are the steps involve in VAPT -
Information Gathering: This is like gathering clues before a treasure hunt. The team
collects details about the target, like IP addresses and technologies, to understand where
and how they might be able to break in.
5
� Planning/Scoping: This step is like making a game plan. The team decides what they
want to test, which tools they’ll use, and what they aim to find. This helps everyone
know what to expect from the test.
Automated Vulnerability Scanning: Here, the team uses software tools to quickly
scan the network for common weaknesses, like outdated software or poor settings, that
hackers might exploit.
Manual Penetration Testing: Skilled testers then manually check for security issues
that the automated tools might have missed. They simulate real attacks to see how well
the current security holds up and what could happen if a hacker got through.
Reporting: After the test, the team writes a detailed report showing what they found.
It includes all the vulnerabilities, how serious they are, and steps to fix them. It also
provides technical details and advice on improving security.
Remediation: The development team uses the report to fix the security issues. The
testing team often helps them understand where the problems are and how to address
them. Both teams work together to make the network secure.
Retesting: Once the fixes are applied, the testing team checks again to make sure
everything is working and that no new issues were introduced. They create a final report
summarizing the entire VAPT process.
LoA/Security Certificate: Finally, the testing team gives a letter of attestation (LoA)
to the client, showing they completed the VAPT successfully. This certificate helps
build trust with stakeholders and shows the company is following industry regulations.
The importance of network VAPT for organizations in todays business -
Network VAPT is important for organizations for several reasons which include
Identifying Security Risks -
Vulnerability Assessment and Penetration Testing (VAPT) are methods used to find and
understand security weaknesses in a company's network and systems. By thoroughly
checking their systems, companies can see where they might be at risk and how a hacker
could potentially break in. This helps them fix problems before any real damage can
happen.
6
� Prioritizing Security Efforts -
Vulnerability Assessment and Penetration Testing (VAPT) helps companies figure out
which security issues are the most important to fix first. By finding out where they are
most vulnerable and what the biggest threats are, companies can concentrate their
efforts on protecting their most crucial systems and data. This way, they can make sure
the most important parts are secure.
Compliance With Regulations And Standards -
Vulnerability Assessment and Penetration Testing (VAPT) helps companies follow
important rules and standards for protecting data. By doing regular VAPT checks,
companies can show they have the right protections in place to keep sensitive
information safe. This helps them comply with laws and industry standards about data
privacy and security.
Some popular tools used for Network Vulnerability Assessment and Penetration Testing
(VAPT):
1. Nmap - Network scanning and discovery.
2. Nessus - Vulnerability scanning and management.
3. OpenVAS - Open-source vulnerability assessment.
4. Metasploit - Exploitation framework for penetration testing.
5. Wireshark - Network protocol analyzer.
6. Burp Suite - Web application security testing.
7. Nikto - Web server scanning for vulnerabilities.
8. Aircrack-ng - Wireless network security testing.
9. Snort - Network intrusion detection system.
7
� Research on different tools & methods for Network Scanning
network scanning tools:
Nmap: Scans a network to find out which devices are connected and what services
they’re running. It provides detailed information about each device.
Wireshark: Captures and analyzes data packets traveling over the network. It helps you
see what kind of data is being sent and received.
Angry IP Scanner: Quickly checks which IP addresses in a range are active. It’s a fast
and straightforward tool for finding devices on a network.
Zenmap: The graphical version of Nmap. It makes it easier to use Nmap’s features with
a visual interface instead of command lines.
Nessus: Scans for security vulnerabilities in your network. It helps identify weaknesses
that could be exploited by hackers.
OpenVAS: Similar to Nessus but open-source. It checks for security issues in your
network to help you keep it secure.
Netcat: A versatile tool that can read and write data across network connections, useful
for diagnosing network problems
Methods For Network Scanning:
Ping Scanning: Checks which devices are online by sending a signal and waiting for a
response.
Port Scanning: Looks at which communication channels (ports) on a device are open
and accepting connections.
Service Detection: Identifies what services or applications are using the open ports on
a device.
Operating System Detection: Determines the operating system a device is using based
on its responses.
Vulnerability Scanning: Searches for security weaknesses or issues in devices and
software.
Network Mapping: Creates a visual layout of how devices are connected in a network.
Traffic Analysis: Monitors and examines the data moving through the network to
understand its activity.
8
� Research on script scanning to identify vulnerabilities (CVEs)
Script scanning is the process of checking computer scripts (which are sets of instructions
for computers) for errors, security issues, or other problems. It's like proofreading a document
to find mistakes or potential issues before using it. This helps ensure that the script works
correctly and doesn't pose any security risks.
What is Script Scanning with Nmap?
Nmap is a tool used to find details about devices and services on a network. One of its powerful
features is the Nmap Scripting Engine (NSE), which lets you run scripts to check for security
weaknesses, called vulnerabilities.
What Are CVEs?
CVEs (Common Vulnerabilities and Exposures) are identifiers for publicly known security
issues in software. Think of them like a list of known problems that can affect different software
programs.
How Does Script Scanning Work?
Find Services:
Nmap first looks at the network to see what services (like websites, file servers, etc.) are
running.
Run Scripts:
It then uses special scripts to check these services for known vulnerabilities. These scripts can
identify specific issues like outdated software or security flaws.
9
�How to Use Script Scanning?
You can use Nmap with the --script option to run these scripts.
For example: To check for a wide range of vulnerabilities:
nmap --script vuln example.com
This command will scan the website "example.com" for many different security issues.
To check for a specific problem, like a particular bug in a web server:
nmap --script http-vuln-cve2017-5638 -p 80 example.com
This checks if the web server on "example.com" has a known issue identified by the CVE
number CVE-2017-5638.
Why Is This Useful?
Finding Weaknesses: It helps you find weaknesses in your network or website
that hackers could exploit.
Detailed Information: You get detailed information about each vulnerability,
including what it is, how severe it might be, and sometimes how to fix it.
Example Scripts:
http-vuln-cve2017-5638: Checks if a website is vulnerable to a specific bug in the Apache
Struts2 software.
smb-vuln-ms17-010: Looks for a serious security hole in old Windows systems, which hackers
used for the WannaCry ransomware attack.
10
� Research on tools and techniques for analysing network traffic
Tools for Analyzing Network Traffic
Wireshark:
Wireshark Captures and inspects data packets traveling over the network. It Helps Lets you see
detailed information about the data being sent and received, helping you troubleshoot problems
or identify unusual activity.
Tcpdump:
A command-line tool that captures network packets and displays them. It Useful for quick,
detailed packet capture and analysis, especially on servers or systems without graphical
interfaces.
NetFlow Analyzer:
collect and analyze flow data from network devices (like routers). They Provide insights into
traffic patterns, bandwidth usage, and network performance, helping you manage and optimize
network traffic.
SolarWinds Network Performance Monitor:
Monitors network performance and traffic. It Offers a user-friendly interface to track network
health, spot slowdowns, and identify issues.
PRTG Network Monitor:
Monitors network traffic, devices, and applications. It Provides real-time traffic analysis and
alerts for any network issues.
Techniques for Analyzing Network Traffic
Packet Capturing:
What It Is: Collecting data packets as they travel through the network.
How It Helps: Lets you see the content and structure of the data, which is useful for
troubleshooting and security analysis.
11
� Flow Analysis:
What It Is: Analyzing metadata about network traffic flows, like source and destination IP
addresses.
How It Helps: Provides a high-level view of network usage and helps in understanding traffic
patterns and performance.
Protocol Analysis:
What It Is: Examining the specific network protocols (like HTTP, FTP) being used.
How It Helps: Helps in diagnosing issues related to specific protocols or services.
Traffic Shaping:
What It Is: Managing and controlling network traffic to ensure optimal performance.
How It Helps: Helps prioritize critical traffic and prevent congestion, improving overall
network efficiency.
Anomaly Detection:
What It Is: Identifying unusual patterns or behaviors in network traffic.
How It Helps: Can indicate potential security threats or operational issues, allowing for timely
intervention.
tools like Wireshark and Tcpdump help capture and inspect network traffic, while
techniques like packet capturing and flow analysis provide insights into how data moves
through the network. These tools and techniques help in managing, troubleshooting, and
securing network environments.
12
�Reference
https://www.ecsbiztech.com/network-vulnerability-assessment-penetration-testing-
vapt/#:~:text=What%20is%20Network%20VAPT%3F,reduce%20or%20nullify%20the%20ri
sks.
https://secureclaw.com/blogs/What-is-Network-VAPT
https://cyberops.in/network-vapt
https://qualysec.com/network-vapt/
13
�14
� Objective - Scan www.testfire.net for the services in the open ports and the potential
vulnerabilities using Nmap.
Open Ports:
Port 80 (HTTP)
Service: Apache Tomcat/Coyote JSP engine 1.1
This is a web server running a web application, likely on Apache Tomcat.
Port 443 (HTTPS)
Service: Apache Tomcat/Coyote JSP engine 1.1
This port is used for secure web connections (HTTPS) and also runs on Apache Tomcat
Apache Tomcat.
Port 8080 (HTTP-Proxy)
Service: Apache Tomcat/Coyote JSP engine 1.1
Another instance of a web server, likely used for an alternate web application or a development
environment.
15
� Potential Vulnerabilities:
Apache Tomcat/Coyote JSP Engine:
If not properly secured or updated, these services may have vulnerabilities that could be
exploited, such as Remote Code Execution (RCE), information disclosure, or unauthorized
access.
Recommendations:
Update Software:
Ensure that the Apache Tomcat servers are running the latest versions and that all security
patches are applied.
Secure Configuration:
Review and secure the configuration of the web servers. Disable unnecessary features, and
ensure that sensitive files are not accessible to unauthorized users.
16
�Use Strong SSL/TLS Configurations:
For HTTPS (Port 443), ensure that strong encryption protocols and ciphers are used. Avoid
deprecated versions of SSL/TLS.
Access Control:
Implement strong access controls, including proper authentication and authorization
mechanisms, to prevent unauthorized access.
Monitor and Log:
Monitor the traffic and activities on these ports and log any suspicious activities for further
analysis.
17
� scan showed that the website www.testfire.net (65.61.137.117) has a security weakness
on its HTTPS port (443). This weakness is due to using weak Diffie-Hellman parameters for
secure communication, making it easier for attackers to listen in on the connection.
Vulnerabilities –
Weak Diffie-Hellman Key Exchange:
The HTTPS port (443) is using weak Diffie-Hellman key exchange parameters. This means the
keys used for encrypting the communication are not strong enough, making it easier for
attackers to break the encryption and eavesdrop on the communication.
Insufficient Group Strength:
The Diffie-Hellman group being used has insufficient strength, specifically:
Modulus Length: 1024 bits (which is considered weak by today's standards)
Generator Length: 8
Public Key Length: 1024 bits
18
�These vulnerabilities mean that the encryption used for HTTPS communication on this server
is not strong enough to protect against modern attacks, such as:
Passive Eavesdropping:
Attackers can listen to the encrypted communication between the client and the server,
potentially capturing sensitive information.
Man-in-the-Middle Attacks:
Attackers can intercept and alter the communication between the client and the server without
either party knowing.
Logjam Attack:
A specific attack against weak Diffie-Hellman key exchanges that allows an attacker to
downgrade the security of the connection and decrypt the traffic.
the vulnerabilities on the HTTPS port (443) due to weak Diffie-Hellman parameters make the
server susceptible to various types of attacks that can compromise the security of the
communication.
Recommendations
Regularly Monitor and Update:
Regularly check and update your SSL/TLS certificates to keep communication secure.
Stay Updated:
Make sure your SSL/TLS implementation is always updated with the latest security
patches.
19
� Use Stronger Keys:
Use stronger Diffie-Hellman parameters with larger key sizes (2048 bits or higher) to
prevent this vulnerability.
Conclusion
The scan of www.testfire.net found three open ports: PORT 80 (HTTP), PORT 443
(HTTPS), and PORT 8080 (HTTP-proxy).
The HTTPS port (443) has weak Diffie-Hellman parameters, making it vulnerable to
attacks.
20
� Research on a network scanning tool similar to Nmap and compare
the results of both the tools.
Comparison of Nmap and Nessus:
Nmap:
Mainly used for network discovery and security auditing.
Identifies open ports, services running, and operating systems on target devices.
Can also use scripts to detect vulnerabilities, but it’s not its primary purpose.
Nessus:
Primarily designed for vulnerability scanning.
Focuses on finding known vulnerabilities (like software bugs, outdated systems, etc.).
Provides detailed reports with risk levels and fix recommendations.
Functionality and Features:
Nmap:
Lightweight and quick for scanning large networks.
Great for getting a snapshot of network status, like what devices are connected and what
services are running.
Can be extended with Nmap Scripting Engine (NSE) to check for specific issues.
Nessus:
Offers a more comprehensive scan with a focus on security vulnerabilities.
Scans for misconfigurations, weak passwords, and other security issues.
Provides detailed vulnerability descriptions, CVE IDs, and remediation steps.
21
�Ease of Use:
Nmap:
Command-line tool, which can be tricky for beginners but offers great flexibility for
advanced users.
Can be used on the go without setup; just install and run commands.
Nessus:
Has a user-friendly graphical interface, making it easier for users who prefer not to use
the command line.
Requires some setup and registration, but provides guided scans.
Output:
Nmap:
Provides a list of open ports, services, and potential vulnerabilities in a straightforward
text format.
Outputs can be saved in different formats, like XML or plain text.
Nessus:
Generates detailed reports with sections for vulnerabilities, impacts, and solutions.
Reports include risk scores, which help prioritize fixes.
22
