In this phase, analyst to ascertain the breadth/scope of the assessment. Main purpose is to identify and determine the total number of systems, servers and other network devices such as firewalls, routers, printers, etc. Outcome of this activity consists of hostnames, IP addresses and network range details. This activity helps to identify every possible avenue of attack surface. Few of the information which our analyst may gather are as follows:

• Domain names
• IP Addresses
• Server/System names IP Ranges
• ISP/ASP information

Live systems identified in the above phase will be actively probed for responses that will reveal its operating system and version level. This activity helps to identify the known operating system vulnerabilities and loopholes which can be patched afterwards with the help of vendor advisory. Outcome of this activity

• OS type (32/64 bit)
• System type (Windows/Linux/Unix)

In this phase, Electidea analyst will map the entire network as observed by him/her during the discovery and fingerprinting phase. This activity will help analyst to prioritize the network segment during the subsequent phases and obtain blueprint of the organization.

The aim of this phase is to identify open ports and services running on them. Testing of different ports and services depends upon the operating system types and services running on it. NMap and Unicornscan along with custom scripts incorporating OpenSSL and Netcat will be used by our analysts. Outcome of this activity will consist:

List of open/closed/filtered ports

• Service types (SMTP, DNS, HTTP, FTP, SSH, etc.)
• Service application type (PureFTPD, openSSH, etc.)

This phase provides holistic approach for risk management to an enterprise. Based on the information collected in first 4 phases, Electidea analyst will find security weaknesses in target systems. It helps to identify how attack can be launched using identified entry points in the systems. This activity is carried out with the help of well-known commercial and non-commercial tools such as Nessus, OpenVAS, Metasploit, etc. in addition to manual approach incorporating in-house scripts. Results of the automated scanners are manually verified in the next phase of the assessment. Types of checks performed are known vulnerabilities identification, configuration flaws, default credentials, patch level, etc.

The vulnerability assessment of any identified web application is conducted based on Electidea Application Security Controls List. Verification: In above ‘vulnerability assessment’ phase, automated scanning tools generate multiple reports along with multiple vulnerabilities at various threat levels. The first action taken by Electidea NISE (network Intelligence and Security Experts) team is to thoroughly analyze and validate each test results generated by the above mentioned tools. It gives client the guarantee of ZERO false positives result at the end.

In order to gauge the business impact of identified vulnerabilities, Electidea analysts may perform controlled exploitation with the client’s prior permission. This phase is not mandatory. However for the client’s better understanding and to evaluate threat, this activity is recommended for the sample set of vulnerabilities. Outcome of this activity will consist:

• Proof of Concepts of successful exploitation

An in-depth network security assessment report will be submitted to the network security team. Also an executive summary report will be provided for the project coordinator and business team.

These are the report highlights:

• Summary of the approach
• scope details
• Vulnerabilities identified
• Vulnerabilities identified
• Business Impact
• Remediation
• References and the guarantee of ZERO false.

Positive result at the end.