Infrastructure security assessment

Raj Upadhyay
4 min read · Dec 23, 2020

“Security is not merely a product, but a process,” as the American cryptographer Bruce Schneier put it.

Whether you are a small organization or a large one, security is one of the biggest challenges you face today. Governments are putting more weight on data security through strict compliance rules, and with the steady increase in cyber attacks, every organization needs strong security mechanisms implemented across its infrastructure.

Let’s go through the what, why, and how of infrastructure security assessment.

1) What

What is an infrastructure security assessment?

In simple words, we can describe it as

“A method by which we evaluate the security of the different devices that are connected to our network.”

OR

“An exercise in which we try to find the security gaps or weaknesses present on the devices connected to our network, so that no malicious actor can take advantage of them to compromise our systems.”

Our infrastructure can contain any number of devices: end-user systems (workstations and laptops), security cameras, firewalls, IDS/IPS appliances, IoT devices, VoIP devices, routers, switches, and the list goes on. Every device that is connected to our network needs to be secured, because any one of them can be the entry point.

2) Why

Why should organizations do an infrastructure security assessment?

Let’s first understand the Aim of the infrastructure security assessment

Aim of the infrastructure security assessment

  • Discover the vulnerabilities that a malicious actor could use to gain unauthorized access to our network, before the attacker does.

Let’s look at one scenario to understand why it’s important.

Consider a company, ZYX, with 5,000 employees and a large IT infrastructure. Like most companies of that size, it had some security mechanisms in place: firewalls and an intrusion prevention system as the first line of defense, and an anti-virus solution on every endpoint. Because of these controls, the company considered itself secure. Then one day some of its systems were locked out. Users could not do anything except look at a screen demanding a ransom payment. The company called in a CERT (Computer Emergency Response Team), and after an investigation the CERT found that the firewall had a misconfiguration which let the attackers bypass every other security mechanism. When the CERT asked when the company had last done a security assessment, it turned out that it had never done one.

So a single firewall misconfiguration led to serious trouble.

A security assessment finds exactly this kind of issue, so that we can fix it before a malicious actor takes advantage of it.

3) What & How we do

What do we do in an infrastructure security assessment, and how do we do it?

What we do:

We try to find the vulnerabilities associated with each device that is connected to the organization’s network.

How we do it:

Intelligence Gathering

We use public information sources to discover what information about the organization has leaked onto the internet. This is done in two modes: passive gathering, which only consults third-party sources (search engines, DNS records, public code repositories, breach dumps) and never touches the target, and active gathering, which sends traffic directly to the organization’s systems and is therefore visible to the target.

Target identification

Once we have enough information, we choose our targets. An organization has a large number of systems, so we narrow the scope to the hosts that are actually live. We work from a network diagram, either provided by the client or built from scratch during this phase, and keep it updated throughout the assessment.

Target Enumeration

Now we examine the systems identified in the previous step. For each one we try to learn what security mechanisms are in front of it, which operating system it runs, which services and versions are listening, and anything else that tells us how it can be attacked.

Vulnerability identification and analysis

By now we know how the live systems interact with each other, and automated scanners have told us which operating systems, services, and versions are in play. The team then checks those versions against databases of previously published vulnerabilities (for example the CVE list and the NVD, plus vendor advisories) to build a list of candidate weaknesses. Scanner output is only a starting point: each candidate has to be verified by hand, because automated tools produce both false positives and false negatives.

Tools we may use for the security assessment:

  1. Nmap (host discovery, port scanning, service and version detection)
  2. Nessus (automated vulnerability scanning)
  3. Wireshark (packet capture and protocol analysis)
  4. Aircrack-ng (wireless network assessment)
  5. Firewalk (mapping which traffic a firewall lets through)

Exploitation

We present the list of candidate vulnerabilities to the client, and only once the client gives written approval do we try to exploit them, using publicly known exploits and staying within the agreed scope. This step confirms which candidates are real and shows the actual impact of each one.

Reporting

We document every step taken in every phase, from intelligence gathering through exploitation, together with the evidence collected, and close the report with a mitigation for each confirmed vulnerability before submitting it to the client.

4) Benefits

How it benefits the organization:

  • Once the vulnerabilities are known, securing the network becomes a matter of eliminating them, which reduces the chances of a malicious actor gaining unauthorized access.
  • We discover weaknesses that were previously unknown to us and that could already be a threat to the organization.
  • A secured infrastructure gives clients, stakeholders, and partners confidence that the organization has a strong cybersecurity posture.
  • Repeating the assessment lets us check that the infrastructure still holds up against the latest techniques used by malicious actors.

Conclusion

The internet keeps growing and we are surrounded by internet-connected devices. Day by day, malicious actors find new ways to compromise organizations. To keep up with their new tricks we need to run security assessments periodically; as the saying goes, prevention is better than cure, so every organization should assess its infrastructure at regular intervals.


Raj Upadhyay

Pursuing M. Tech. in Cyber Security and Incident Response. #LoveToPlayCTF #infosec #cybersecurity