Penetration Testing
Vulnerability management is key to any security strategy.
The Penetrator products are classified as a Black Box or Cracker Penetration Testing Tool. Black box pen testing is designed to assess the security of a system or network by applying the same type of methodology and types of attacks that a hacker would use. Without inside information, a hacker must rely on brute force to find vulnerabilities, which can be a long and tedious process if done manually. The underground world of black hat hacking has produced a large number of automated tools that are widely available for downloading. These tools greatly simplify the process of cracking systems and compromising networks, making it easy for relatively unskilled hackers to take over other people’s computers and networks. To counter this threat, the security community has developed a number of automated penetration testing tools that are designed to assess vulnerabilities without the danger of taking over a target system. The Portable Penetrator and Penetrator
are two examples of this type of benign or white hat hacking penetration testing tool. They come pre-loaded and ready to use with over 42,000 penetration
tests that can be used in either a nonaggressive or aggressive mode.
There are two versions of the Penetrator software: the Portable Penetrator, which is designed to audit both wired and Wi-Fi networks, and the Penetrator, which only
audits wired networks. References to the "Penetrator" on this page refer to the Penetrator software that is installed on both versions, which includes a vulnerability
scanner, an exploit engine and a database that contains descriptions of vulnerabilities, exploits and solutions to fixing vulnerabilities. For a comparison between the
two models, please refer to the Specifications page of our website.
The Penetrator operates in two modes: The standard Nonaggressive Audit mode takes account of what is running on a system such as operating system, web server,
databases, applications and services along with version and other information that can be used to identify potential vulnerabilities. By knowing what is installed on
a target system and what version it is, the process of attacking the system is made much easier since known vulnerabilities and exploits can be utilized to crack the
system. In this mode, only information is gathered – it does not run any tests to verify whether a vulnerability exists where the test could potentially interfere with the targeted
system. The second mode is Aggressive Audit in which each potential vulnerability is tested by using an exploit. Aggressive mode testing can also use buffer
overflows, denial of service and brute force to test a target system.
Nonaggressive Penetration Testing
The Penetrator’s nonaggressive testing is designed to minimize the risk of causing any problems to a targeted system. This is accomplished by probing the targeted
system to discover what is running on it. As each service running on the target is identified the Penetrator attempts to find out the version and other information
such as which updates and patches have been applied. This information is then compared with the information contained in the Penetrator’s database of known
exploits and vulnerabilities. When a match is found, the potential vulnerability is added to the audit report. In nonaggressive mode, the Penetrator does not actually
run an exploit so the vulnerability is not verified – in many cases, it is possible that a patch or update was correctly applied and that the vulnerability has already
been fixed. Nonaggressive testing is much faster, but it is also more prone to reporting false positives.
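An added sketch of the version-matching step described above (not SecPoint's code or data): the advisory IDs, product names, banners and addresses are constructed placeholders. Two hosts report the same version, one of them a vendor build with a backported fix, and a version-only comparison cannot tell them apart; the `flagged_false_positives` set models the reviewer flagging that this page mentions further down.

```python
import re
from dataclasses import dataclass

# Constructed advisory database: every ID, product and version is a placeholder.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "product": "exampled", "fixed_in": (2, 4, 10), "risk": "high"},
    {"id": "EXAMPLE-0002", "product": "exampled", "fixed_in": (2, 4, 3), "risk": "medium"},
    {"id": "EXAMPLE-0003", "product": "examplesql", "fixed_in": (8, 0, 1), "risk": "low"},
]

# Constructed discovery results: (host, port, service banner).
SERVICES = [
    ("192.0.2.10", 80, "exampled/2.4.7"),
    ("192.0.2.11", 80, "exampled/2.4.7 (vendor build with backported fixes)"),
    ("192.0.2.12", 3306, "examplesql 8.0.1"),
]

@dataclass(frozen=True)
class Finding:
    advisory_id: str
    host: str
    port: int
    risk: str

def parse_banner(banner):
    """Return (product, version tuple) from 'name/1.2.3' or 'name 1.2.3', else None."""
    m = re.match(r"\s*([A-Za-z][\w-]*)[/ ](\d+(?:\.\d+)*)", banner)
    if not m:
        return None  # unidentified service: nothing to compare against
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def nonaggressive_audit(services, flagged_false_positives=frozenset()):
    """Report *potential* vulnerabilities from version data alone; no exploit is run."""
    findings = []
    for host, port, banner in services:
        parsed = parse_banner(banner)
        if parsed is None:
            continue
        product, version = parsed
        for adv in ADVISORIES:
            # Only the advertised version is compared. Any text after it, such as
            # the backport note on 192.0.2.11, is invisible to this check.
            if adv["product"] == product and version < adv["fixed_in"]:
                if (adv["id"], host, port) not in flagged_false_positives:
                    findings.append(Finding(adv["id"], host, port, adv["risk"]))
    return findings

if __name__ == "__main__":
    for f in nonaggressive_audit(SERVICES):
        print("potential:", f)
    reviewed = {("EXAMPLE-0001", "192.0.2.11", 80)}  # reviewer confirmed the backport
    for f in nonaggressive_audit(SERVICES, reviewed):
        print("after review:", f)
```

Versions are compared as integer tuples, so 2.4.7 sorts below 2.4.10; a plain string comparison would get that wrong.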
Aggressive Penetration Testing
The Penetrator also supports aggressive testing in which the information gathered during the probing and discovery phase of each vulnerability test is then tested by
actually running an exploit to verify if the vulnerability is present. If the exploit is successful, the Penetrator will add the result to the audit log. In addition to running
tests against identified potential vulnerabilities, the Penetrator can also run buffer overflow, denial of service and brute force exploits to test for additional
vulnerabilities that cannot be found by the service probing and discovery process. A properly configured and secured system should not be impacted by aggressive
testing; however, a vulnerable system could become unstable or even crash. The purpose of penetration testing is to discover vulnerabilities before a hacker does –
finding out that a system has a problem is better in a controlled test than if a hacker finds the vulnerability on a live system.
Penetrator Vulnerability Exploit Testing
The Penetrator is designed so that its tests should not have a negative impact on a stable system; however, some tests such as denial of service can cause minor
problems. If a targeted system does become unstable or crashes when being tested, it is a good indication that the system needs to be fixed. Aggressive testing is
more likely to destabilize or crash a target system, but this type of event will normally only happen if a vulnerability is successfully exploited - not something that
would be expected on a properly configured and secured system.
If you are going to run an aggressive audit, it is a good idea to schedule it for a time when any problems that result from the test will not impact other systems
or users. Aggressive penetration tests are also very useful when verifying a build image before release into production.
Penetration testing can impact your network by reducing bandwidth and occasionally interfering with some routers and firewalls. While bandwidth issues can be
expected, destabilizing or crashing a router, firewall or other network device is indicative of a problem on that device. When a problem with a network device is
encountered, it needs to be more thoroughly investigated to determine if there is a vulnerability that a hacker could exploit. If a penetration test crashes a network
device, a hacker could also crash that device.
No Active Agent Installation
The Penetrator does not attempt to install active agents in any of its tests. The purpose of an active agent is to create a new source from which to conduct attacks or
tests on other systems in a target network (commonly referred to as pivoting). This agent typically gains administrator privileges allowing it to have complete control
of the cracked system, download additional agents that can be used to crack other systems on a network and an ability to remove the agent and restore the system
to the way it was before the crack. An agent is designed to function much like a hacker would once a targeted system is hacked. Many organizations have strict
policies that relate to the use of active agents which can be used and installed on a successful crack. Installing an agent on a target system provides positive proof
that a vulnerability exists.
Some reported vulnerabilities may be false positives since the only way to verify for sure that they are real is to successfully install an agent or payload on the
targeted system. It is important that any vulnerabilities that are reported be reviewed by a qualified security expert to determine if the reported vulnerability is a
false positive. The Penetrator includes real-world exploits that use payloads that are not active agents, which allow you to verify whether a reported vulnerability is real or
a false positive. False positives can be flagged so that they do not keep showing up in future reports. If you need help in assessing whether or not you have a
false positive, Aurenav offers several products and services that can more thoroughly validate the audit results. Please contact us for more information.
Reporting
Audit results are provided in reports which may be customized and can be saved as PDF, XML or HTML files. Each report lists the vulnerability name and
associated file(s), the risk level (high, medium, low), SecPointID, port number, impact and the evidence proving the vulnerability exists. Optionally, reports
can be generated with a suggested solution and/or a resource to find more information about each reported vulnerability. An executive summary is also
provided which includes a high level overview with the number of vulnerabilities found, the distribution of vulnerability risks and details on when and
where the scan was performed.
Specifications
The Portable Penetrator and Penetrator offer an affordable and easy to use solution for assessing security risks within any organization.
- Includes both the SecPoint vulnerability scanner and exploit engine penetration tester
- Self-contained appliance - No software installation is required - the SecPoint Penetrator and Portable Penetrator are ready to run
- Can be operated in web-based remote mode
- Scans anything with an IP address that is running TCP/IP protocols
- Discovery Mode automatically detects active IP addresses on your network
- 0/100/1000 Ethernet connectivity
- Hardened Linux OS
- The SecPoint Penetrator and SecPoint Portable Penetrator are certified CVE-compatible by MITRE (ref: http://cve.mitre.org/compatible/organizations.html#s)
- Automatic SecPoint Updates several times per day
- Detailed fix information, which includes links to patches and software upgrades
- Dynamic reporting capability with Executive Summary and a Technical Details Service that shows all the particulars of a given vulnerability
- Flexible and customizable scanning options, which includes SANS/FBI Top 20 and individual exploits
Most security compliance certifications require that penetration audits be conducted each time that changes are made to a system. The following extract from a
Portable Penetrator PP7000 illustrates a real-world case where a penetration test was first run against a Windows Server, which produced a list of potential vulnerabilities.
A Windows update was applied and the penetration test was run again showing the same vulnerabilities plus additional vulnerabilities.
Anytime that a change is made to a system, unexpected changes can take place that have the potential to introduce new vulnerabilities into the system. Even
something considered safe such as a manufacturer’s product patch and update service can introduce unexpected changes. The best way to find out if any undesirable
changes have taken place is to run a penetration test.
Penetration Testing
Some scenarios in which penetration testing is typically required or recommended include:
- A system needs to be tested prior to entering production or being used on the network
- An operating system has been updated or patched
- A new application has been installed
- An application has been updated or patched
- A hardware change has taken place
- A driver has been installed, updated or removed
- A configuration change has taken place
- An application has been uninstalled
- To meet government regulatory or industry mandated requirements
- A firewall has been installed, changed, updated or removed
Portable Penetrator
The Portable Penetrator is ideal for testing network segments within data centers and remote data centers, testing larger branch offices, testing Wi-Fi networks,
testing home offices and for security consultants that need a portable, affordable and easy to use pen test solution.
Penetrator
The Penetrator is ideal for data centers, remote data centers, branch offices and remote facilities where sending out security auditors can be costly.
