TestingGeek

Learn, Share and Keep Learning

Home Testing Types Purpose Of Testing Software Testing - Security Testing
Software Testing - Security Testing
Testing Types - Purpose
Security Testing is very important in today's world, because of the way computer and internet has affected the individual and organization. Today, it is very difficult to imagine world without Internet and latest communication system. All these communication systems increases efficiency of individual and organization by multifold.

Since every one from individual to organization, uses Internet or communication system to pass information, to do business, to transfer money it becomes very critical for the service provider to make sure that information and network are secured from the intruders.

 

Primary purpose of security testing is to identify the vulnerabilities and subsequently repairing them. Typically, security testing is conducted after the system has been developed, installed and is operational. Unlike other types of testing, network security testing is performed on the system on the periodic basis to make sure that all the vulnerabilities of the system are identified.

Network security testing can be further classified into following types


Network Scanning 

Network scanning involves using a port scanner to identify all hosts potentially connected to an organization's network, the network services operating on those hosts, such as the file transfer protocol (FTP) and hypertext transfer protocol (HTTP), and the specific application running the identified service, such as Internet Information Server (IIS) and Apache for the HTTP service. The result of the scan is a comprehensive list of all active hosts and services, printers, switches, and routers operating in the address space scanned by the port-scanning tool, i.e., any device that has a network address or is accessible to any other device.
Port scanners, such as nmap, first identify active hosts in the address range specified by the user using Transport Control Protocol/Internet Protocol (TCP/IP) Internet Control Message Protocol (ICMP) ECHO and ICMP ECHO_REPLY packets. Once active hosts have been identified, they are scanned for open TCP and User Datagram Protocol (UDP) ports that will then identify the network services operating on that host.

All basic scanners will identify active hosts and open ports, but some scanners provide additional information on the scanned hosts. The information gathered during this open port scan will often identify the target operating system. This process is called operating system fingerprinting. For example, if a host has TCP port 135 and 139 open, it is most likely a Windows NT or 2000 host.

While port scanners identify active hosts, services, applications and operating systems, they do NOT identify vulnerabilities (beyond some common Trojan ports). Vulnerabilities can only be identified by a human who interprets the mapping and scanning results. From these results, a qualified individual can ascertain what services are vulnerable and the presence of Trojans. Although the scanning process itself is highly automated, the interpretation of scanned data is not.

Purpose of network port scanning is to
  • Check for unauthorized hosts connected to the organization’s network
  • Identify vulnerable services
  • Identify deviations from the allowed services defined in the organization’s security policy
  • Prepare for penetration testing
  • Assist in the configuration of the intrusion detection system (IDS)
  • Collect forensics evidence
Password Cracking

assword cracking programs can be used to identify weak passwords. Password cracking verifies that users are employing sufficiently strong passwords. Passwords are generally stored and transmitted in an encrypted form called a hash. When a user logs on to a computer/system and enters a password, a hash is generated and compared to a stored hash. If the entered and the stored hashes match, the user is authenticated. An automated password cracker rapidly generates hashes until a match is found. The fastest method for generating hashes is a dictionary attack that uses all words in a dictionary or text file. Another method of cracking is called a hybrid attack, which builds on the dictionary method by adding numeric and symbolic characters to dictionary words. Depending on the password cracker being used, this type of attack will try a number of variations. The attack tries common substitutes of characters and numbers for letters

The most powerful password-cracking method is called the brute force method. Brute force randomly generates passwords and their associated hashes. However since there are so many possibilities it can take months to crack a password. Theoretically all passwords are “crackable” from a brute force attack given enough time and processing power.

Log Review 

Various system logs can be used to identify deviations from the organization's security policy, including firewall logs, IDS logs, server logs, and any other logs that are collecting audit data on systems and networks. While not traditionally considered a testing activity, log review and analysis can provide a dynamic picture of ongoing system activities that can be compared with the intent and content of the security policy.

Snort is a free IDS sensor with ample support. It is a network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. Snort can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI (Common Gateway Interface) attacks, SMB (System Message Block) probes, and OS fingerprinting attempts.

 File Integrity Checker

A file integrity checker computes and stores a checksum for every guarded file and establishes a database of file checksums. It provides a tool for the system administrator to recognize changes to files, particularly unauthorized changes. Stored checksums should be recomputed regularly to test the current value against the stored value to identify any file modifications. A file integrity checker capability is usually included with any commercial host-based intrusion detection system.

WAR Dialing 

In a well-configured network, unauthorized modems are often an overlooked vulnerability. These unauthorized modems provide a means to bypass most or all of the security measures in place. There are several software packages available (see Appendix C) that allow attackers and network administrators to dial large blocks of phone numbers in search of available modems. This process is called war dialing. A computer with four modems can dial 10,000 numbers in a matter of days. Certain war dialers will even attempt some limited automatic hacking when a modem is discovered.

 

0 Comments

Add Comment



Click to get a new image.

Stay in touch

Enter your email address:

Delivered by FeedBurner

Your Opinion Matters

How did you get into testing?
 

What's Popular

Follow Me - Twitter

Follow me on Twitter @ TestingGeek

Services.

Do you need reliable and efficient testing services covering all aspects of software testing? Contact Atlantis Software for all your software testing needs.