
Cyber Security - Vulnerability Assessment (IP port)

AmerAsia Report
AiTx translated by AmerAsia

////////// SCANNING

We will begin by determining whether a host (or a range of hosts) is alive. This may start with a simple ping. If we receive a ping response, the host is deemed to be alive. If a ping response is not returned, we will do a TCP-Connect on well-known ports. If the connection is made, the host is deemed to be alive. If a connection is not made, we will use other techniques, including but not limited to “half-open” connection attempts, to determine whether the host is alive when a firewall is partially blocking access to it.

////////// PORT FINGERPRINTING

Once a host is determined to be alive, we will determine which UDP and TCP ports are providing services. This is called port-fingerprinting. A similar process is used for UDP ports. Two additional processes are executed in parallel with port-fingerprinting: (1) Firewall Fingerprinting and (2) Operating System Fingerprinting. Both of these processes rely on information gathered during port-fingerprinting.

////////// FIREWALL FINGERPRINTING

We will also determine whether a host is being accessed through a firewall. We are capable of fingerprinting a wide selection of commercial and open-source firewalls. We are also capable of fingerprinting specific packet-filter, stateful-inspection and proxy-based firewalls.

////////// OPERATING SYSTEM FINGERPRINTING

We will then identify the Operating System, employing proprietary network detection code that gives the highest accuracy, approximately 95%, for OS detection. Generally available commercial and free-ware tools accurately detect an OS at a 50% level. OS detection is crucial because services that may be available on multiple platforms, such as Apache, may have vulnerabilities that are present on only one OS. Accurately connecting services to operating systems minimizes false positives.

OS Fingerprinting and Firewall Fingerprinting connect in a novel way: we are able to detect the presence of the class of firewall services called port-forwarding when we discover listeners on ports of the same IP address but with different OSs.

////////// PROTOCOL FINGERPRINTING

After port-fingerprinting has been completed, we will fingerprint each protocol found on each port. This is important because a server found on port 80 might not actually be an HTTP server. We fingerprint each protocol by connecting to live ports and sending requests for each protocol. For example, if an HTTP request is issued and an HTTP response is returned, then this can reasonably be inferred to be an HTTP service.

////////// SERVICE FINGERPRINTING

After port-fingerprinting has been completed, we will identify the server providing each protocol. For example, if HTTP services are discovered, we will determine whether the server is Microsoft’s IIS web-server, the Apache Group’s httpd, etc. We do not simply rely on the service’s “banner” (the identification string provided during an interaction), because security administrators may change banners to hide their configurations. Instead, where possible, we will identify differences in each server’s implementation of its protocol. For example, IIS and Apache return slightly different error-headers when a non-existent webpage following a tilde in the URL is requested.

////////// VULNERABILITY DETECTION

After identifying what services are running, we will then perform vulnerability detection and assessment based on the latest, up-to-date vulnerability database, which may or may not be available to the general public.
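The protocol-fingerprinting step described above can be used by an asset owner to audit their own inventory for services running on unexpected ports. The following is an added example, not code from the original page or from AmerAsia; the probe set, the `PORT_HINT` table, the function names and all sample replies are assumptions constructed for illustration.

```python
import re

# protocol -> (probe sent after connecting, pattern a genuine reply must match)
PROBES = {
    "http": (b"HEAD / HTTP/1.0\r\n\r\n", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
    "ssh":  (b"", re.compile(rb"^SSH-\d\.\d+-\S+")),  # server speaks first
    "smtp": (b"EHLO scanner.example\r\n",
             re.compile(rb"^220[ -][^\r\n]*\r\n250[ -]")),
}
# Protocol conventionally assigned to a port: only a hint, never proof.
PORT_HINT = {22: "ssh", 25: "smtp", 80: "http", 8080: "http"}

def identify(replies):
    """replies maps protocol name -> bytes returned to that protocol's probe."""
    for proto, (_probe, pattern) in PROBES.items():
        if pattern.match(replies.get(proto, b"")):
            return proto
    return None

def audit(hosts):
    """Return (ip, port, hinted, observed) wherever the port hint is wrong."""
    findings = []
    for (ip, port), replies in sorted(hosts.items()):
        observed = identify(replies)
        hinted = PORT_HINT.get(port)
        if observed != hinted:
            findings.append((ip, port, hinted, observed))
    return findings

# Constructed replies (not captured from any real host), keyed by (ip, port).
SSH_BANNER = b"SSH-2.0-ExampleSSH_1.0\r\n"
SAMPLE = {
    # An SSH daemon on port 80 sends its banner whatever the probe is.
    ("192.0.2.10", 80): {p: SSH_BANNER for p in PROBES},
    # A web server with a rewritten Server header is still HTTP by behaviour.
    ("192.0.2.10", 8080): {"http": b"HTTP/1.1 200 OK\r\nServer: hidden\r\n\r\n",
                           "ssh": b"",
                           "smtp": b"HTTP/1.1 400 Bad Request\r\n\r\n"},
    ("192.0.2.10", 25): {"http": b"220 mx.example ESMTP\r\n500 unknown\r\n",
                         "ssh": b"220 mx.example ESMTP\r\n",
                         "smtp": b"220 mx.example ESMTP\r\n250-mx.example\r\n250 OK\r\n"},
    # HTTP on a port with no conventional assignment.
    ("192.0.2.10", 2222): {"http": b"HTTP/1.0 404 Not Found\r\n\r\n",
                           "ssh": b"", "smtp": b""},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```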
