Network Security Testing
We live by the network; we die by the network. How much of your personal informa‐
tion is currently either stored outright or at least available by way of the internet,
often referred to as
the cloud
? When we live our lives
expecting everything to be
available and accessible by the network, it’s essential that we assure that our devices
are capable of sustaining attack.
Monitoring
Before we do any testing at all, we need to talk about the importance of monitoring. If
you are doing any of the testing we are talking about
for your company or a customer,
ideally you aren’t taking anything down deliberately unless you have been asked to.
However, no matter how careful you are, there is always the possibility that some‐
thing bad may happen and services or systems may get knocked over. This is why it’s
essential to communicate with the people who own the systems so they can keep an
eye on their systems and services. Businesses are not going to want to impact their
customers, so they will often want staff to be available to restart
services or systems if
that’s necessary.
Some companies may want to test their operations staff, meaning
they expect you to do what you can to infiltrate and knock over
systems
and services, without doing any long-term or permanent
damage. In this case, you wouldn’t communicate with anyone but
the management who hired you.
In most cases, though, companies
are going to want to make sure they keep their production environ‐
ment operational.
If the operations staff is involved, they will want to have some sort of monitoring in
place.
This could be watching logs, which is generally advisable. However, logs are
not always reliable. After all, if you are able to crash a service,
the service may not
have long enough to write anything useful to the logs before failing. This does not
mean, though, that you should discount logs. Keep in mind that the purpose of secu‐
rity testing is to help improve the security posture of the company you are working
for. The logs may be essential to get hints as to what is happening with the process
before it fails. Services may not fail in the
sense that the process stops, but sometimes
the service may not behave as expected. This is where logs can be important, to get a
sense of what the application was trying to do.
There may be a watchdog in place. Watchdogs are sometimes
used to ensure that a
process stays up. Should the process fail, the PID would no longer appear in the pro‐
cess table, and the watchdog would know to restart that process. This same sort of
watchdog capability can be used to determine whether the process has failed. Even if