Network Security Assessment
Immunity uses CANVAS's proprietary scanning and reconnaissance methods, as well as other publicly available tools, to assess the security of networks and systems accessible on client networks. Service identification, host OS identification, remote language detection, and unique data interception techniques are just some of the proprietary technologies that are under constant research and development by Immunity's team.
Network security assessments usually produce very different results for internal versus external assessments. This is usually because internal networks lack firewalls and other filtering mechanisms, and because the large exposure of external systems to Internet traffic means some security attention has usually been given to these systems prior to assessment. Internal reviews often identify patch management and other problems related to vulnerabilities that have already been announced publicly. There is usually a lot of work to be done addressing known and unpatched vulnerabilities on internal networks before the focus can move to assessment for 0day vulnerabilities.
At a network level, internal networks are often open and vulnerable services are widely exposed. Sometimes IT management is aware of this and acknowledges it as a problem; sometimes it is considered a manageable risk. Immunity discusses this with the client prior to an internal network security assessment in order to reach appropriate conclusions and recommendations. Other common problems often found on internal systems include inadequate protection of sensitive information due to lack of encryption or authentication controls. Immunity looks for these problems by examining network traffic, probing systems for exposed services, and examining device and control configurations. New, unknown "0day" vulnerabilities are not usually present at the network layer.
Internal host systems are examined for known operating system vulnerabilities. Server services are also checked for vulnerabilities such as those present in DNS, SMTP, FTP, WWW and other services. Unless Immunity is instructed not to, vulnerabilities are usually verified via exploitation with Immunity CANVAS.
Immunity conducts full ICMP, TCP and UDP network scans on external networks to test that firewall configurations are appropriate. Service fingerprinting helps identify unpatched systems. Systems are also reviewed for inadequate encryption and/or authentication. Immunity uses CANVAS to conduct this review and to attempt vulnerability verification via exploitation of any unpatched hosts or services.
Immunity often combines a network security assessment with application vulnerability analysis in a penetration test.