Penetration Testing and Intrusion Detection Report - Security Analysis

Verified

Added on  2022/08/18

|57
|5094
|316
Report
AI Summary
This report provides a comprehensive overview of penetration testing and intrusion detection. It explores the importance of these techniques for both attackers and network administrators. The study delves into reconnaissance and scanning, essential for identifying vulnerabilities, and discusses the differences between active and passive reconnaissance. It analyzes the use of various scanning tools, including Metasploit, Nmap, and Nessus, and examines the critical analysis of network topologies. The report also covers Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), highlighting their key differences. It discusses technical issues encountered during network scanning and concludes with an evaluation of security measures. The report includes detailed screenshots and appendices to illustrate the concepts discussed, providing a practical understanding of penetration testing and intrusion detection processes.
Document Page
Running head: PENETRATION TESTING AND INTRUSION DETECTION
Penetration Testing and Intrusion Detection
Name of the Student
Name of the University
Author Note
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1PENETRATION TESTING AND INTRUSION DETECTION
Abstract
In the last decade penetration testing and intrusion detection techniques have
advanced a long way and it has never been this important. Penetration testing and
Intrusion Detection is not just important to attackers trying to break into a network but
also to network administrators trying to protect the network of their organization. This
study is to talk about how reconnaissance and scanning are necessary for attackers
to attack the target hosts of remote systems. These services are also important for
network administrators to check how secure their network is in preventing attackers
from hacking into the network or gaining access to sensitive information. Hence, the
study also talks about IDS and IPS and their key differences. After mentioning the
technical issues faced in scanning networks, the study comes to an end.
Document Page
2PENETRATION TESTING AND INTRUSION DETECTION
Table of Contents
List of Tables............................................................................................................................6
List of Figures...........................................................................................................................6
List of Appendices...................................................................................................................8
Introduction.............................................................................................................................10
Section A.................................................................................................................................10
Section B.................................................................................................................................12
1) Scan of Metasploit Virtual Machines....................................................................12
Use of Scanning Tools..................................................................................................13
Critical Analysis..............................................................................................................13
Network Topology: Attacker Network.........................................................................15
Network Topology: Target Network............................................................................16
Analysis...........................................................................................................................17
2) Use of Nessus Scanner to find vulnerabilities....................................................17
Installing and Running of Nessus Scanner...............................................................17
Scan and Analysis of the Results...............................................................................17
Investigation...................................................................................................................18
Security Analysis on Different Vulnerabilities............................................................19
Evaluation of UFW, IDS and IPS....................................................................................19
UFW usage.....................................................................................................................19
Differences between IDS and IPS..................................................................................20
Document Page
3PENETRATION TESTING AND INTRUSION DETECTION
Snort Setup and Configuration....................................................................................21
Metasploit and Armitage...................................................................................................21
Technical Issues............................................................................................................21
Conclusion..............................................................................................................................22
Bibliography............................................................................................................................23
Appendix.................................................................................................................................27
Differences between Active and Passive Reconnaissance........................................27
Risk Impact Table..............................................................................................................27
Differences between IDS and IPS..................................................................................27
Attacker IP Address..........................................................................................................28
Setting up Metasploit and Discovering Virtual Machine hosts...................................29
Automatic Server Setup....................................................................................................29
Nmap Scan of hosts with Armitage................................................................................30
Specifying Network of Target System............................................................................31
Scan completion adds Attacks Tab on hosts................................................................31
Discovered Hosts are shown...........................................................................................32
Port Scan of Network Hosts.............................................................................................32
OS and Port Details of Metasploit VM hosts.................................................................33
Nmap Scan of Target Network........................................................................................34
Nmap scan of Hosts with Zenmap..................................................................................35
Services running in Hosts................................................................................................36
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4PENETRATION TESTING AND INTRUSION DETECTION
Masscan Results for Open TCP ports............................................................................37
Hping3 Scan.......................................................................................................................38
Installing and Running of Nessus Scanner...................................................................38
Exception for Nessus Scanner........................................................................................39
Account Creation...............................................................................................................39
Nessus Initialization..........................................................................................................40
Nessus Scanner Portal.....................................................................................................40
Advanced Scan..................................................................................................................41
Saving Configuration.........................................................................................................41
Analysing Completed Scan..............................................................................................42
Investigating Findings.......................................................................................................42
List of Vulnerabilities.........................................................................................................43
Medium Vulnerabilities......................................................................................................43
Individual Hosts and OS...................................................................................................44
Detected Topology of the Network.................................................................................45
Attacker Network...........................................................................................................45
Target Network..............................................................................................................46
Port Details of Target Network........................................................................................47
Port Details of Specific Host............................................................................................48
Snort Setup.........................................................................................................................48
Creating Custom Rules....................................................................................................49
Document Page
5PENETRATION TESTING AND INTRUSION DETECTION
Snort Configuration...........................................................................................................49
Configured Rules...............................................................................................................49
Browsing Attacks...............................................................................................................50
Completion of Attack Analysis.........................................................................................50
Browsing of new Attack tab..............................................................................................51
Checking Vulnerability......................................................................................................51
Running FTP Exploit Checks...........................................................................................52
Launching the Attack........................................................................................................53
Start of Attack on a specific host.....................................................................................54
Attempt to Exploit Servers................................................................................................55
Technical Issues................................................................................................................56
Document Page
6PENETRATION TESTING AND INTRUSION DETECTION
List of Tables
Differences between Active and Passive Reconnaissance
Risk Impact Table
Differences between IDS and IPS
List of Figures
Attacker IP Address
Setting up Metasploit and Discovering Virtual Machine hosts
Automatic Server Setup
Nmap Scan of hosts with Armitage
Specifying Network of Target System
Scan completion adds Attacks Tab on hosts
Discovered Hosts are shown
Port Scan of Network Hosts
OS and Port Details of Metasploit VM hosts
Nmap Scan of Target Network
Nmap scan with Zenmap
Masscan Results for Open TCP ports
Hping3 Scan
Installing and Running of Nessus Scanner
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7PENETRATION TESTING AND INTRUSION DETECTION
Exception for Nessus Scanner
Account Creation
Nessus Initialization
Nessus Scanner Portal
Advanced Scan
Saving Configuration
Analysing Completed Scan
Investigating Findings
List of Vulnerabilities
Medium Vulnerabilities
Individual Hosts and OS
Detected Topology of the Network
Port Details of Specific Host
Snort Setup
Creating Custom Rules
Snort Configuration
Configured Rules
Browsing Attacks
Completion of Attack Analysis
Browsing of new Attack tab
Document Page
8PENETRATION TESTING AND INTRUSION DETECTION
Checking Vulnerability
Running FTP Exploit Checks
Launching the Attack
Start of Attack on a specific host
Attempt to Exploit Servers
Technical Issues
List of Appendices
Differences between Active and Passive Reconnaissance
Risk Impact Table
Differences between IDS and IPS
Attacker IP Address
Setting up Metasploit and Discovering Virtual Machine hosts
Automatic Server Setup
OS and Port Details of Metasploit VM hosts
Nmap Scan of Target Network
Nmap scan with Zenmap
Masscan Results for Open TCP ports
Hping3 Scan
Installing and Running of Nessus Scanner
Exception for Nessus Scanner
Document Page
9PENETRATION TESTING AND INTRUSION DETECTION
Account Creation
Nessus Initialization
Nessus Scanner Portal
Advanced Scan
Saving Configuration
Analysing Completed Scan
Investigating Findings
List of Vulnerabilities
Medium Vulnerabilities
Individual Hosts and OS
Detected Topology of the Network
Port Details of Specific Host
Snort Setup
Creating Custom Rules
Snort Configuration
Configured Rules
Browsing Attacks
Completion of Attack Analysis
Browsing of new Attack tab
Checking Vulnerability
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
10PENETRATION TESTING AND INTRUSION DETECTION
Running FTP Exploit Checks
Launching the Attack
Start of Attack on a specific host
Attempt to Exploit Servers
Technical Issues
Introduction
The following study tries to highlight how penetration testing and intrusion
detection techniques have advanced such a long way in the last decade and has
never been so important. Penetration testing and Intrusion Detection is not just
important to attackers trying to break into a network but also to network
administrators trying to protect the network of their organization. This study starts by
talking about how reconnaissance and scanning are necessary for attackers to
attack the target hosts of remote systems and discusses about both active and
passive reconnaissance in detail with the help of table of differences. These services
are also important for network administrators to check how secure their network is in
preventing attackers from hacking into the network or gaining access to sensitive
information. The study makes a thorough analysis of the scanning process by
demonstrating the scans with the help of different tools and mentions the benefits
drawbacks. Hence, the study also talks about IDS and IPS and their key differences.
After mentioning the technical issues faced in scanning networks, the study ends
with concluding notes.
Section A
The five phases of hacking are found to be the following
Document Page
11PENETRATION TESTING AND INTRUSION DETECTION
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks
Among the above the reconnaissance process involves of two key types of
activities which are active reconnaissance and passive reconnaissance. Out of the
five phases, reconnaissance is the preparatory phase in which attackers try
gathering all the information possible regarding the various target systems before
carrying out attacks them. The two differences between the two different types of
activities are given in the table ‘Types of Reconnaissance’. Active reconnaissance
includes directly interacting with the target system, scanning of ports, target profiling
and validation. Passive Reconnaissance however, involves gathering information
without direct interactions with target system, search of public records, identification,
selection and social profiling of target.
Active Reconnaissance Passive Reconnaissance
Acquires information through direct
interactions with the target system
Acquires information without direct
interactions with the target system
Can involve probing of networks to
detect accessible hosts, router
locations, open ports and details of
target OS services
Can involve search of public records
information, news releases sniffing and
similar activities
Involves system profiling of target Involves social profiling of target
Includes validation of the target Includes identification and selection of
chevron_up_icon
1 out of 57
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]