Network Penetration Testing for a US Law Firm
The Customer is a prestigious US law firm with over 100 years of experience and more than 1,000 employees on board. The Customer provides worldwide legal advisory services in real estate, insurance, finance, environment, intellectual property, labor and employment, construction, and other areas.
Dealing with large amounts of confidential information (clients’ personal information, bank information, intellectual property, etc.), the Customer was concerned that potential security gaps in their extensive IT network could lead to huge financial losses and reputational damage.
As a step towards solid cyber defense, the Customer needed to evaluate the security level of the corporate network and fix found vulnerabilities to prevent unauthorized access to sensitive data.
The Customer commissioned ScienceSoft to perform IT network security testing. ScienceSoft’s certified cybersecurity specialists conducted black box and gray box penetration testing in 11 days. The black box approach to testing presupposed strictly limited knowledge of the network, while during gray box testing, security testing engineers had valid user credentials to operate within the network.
Penetration testing included:
- Automated vulnerability scanning of the external perimeter and internal network environment, including servers, employees’ workstations and network services (file sharing and transfer, remote access, email and web services, firewalls, IPS, etc.).
- Manual validation of automated scanning results.
- Defining the severity of detected vulnerabilities, according to commonly used NIST CVSS standards.
- Exploiting critical vulnerabilities and attempting to break into the network to access sensitive data via the imitation of brute-force attacks, input data manipulation, etc.
The overall network security level was assessed as low due to over 100 found security issues, including:
- Outdated versions of Cisco TelePresence VCS, OpenSSH and SSL.
- Unsupported Windows and UNIX OS versions.
- Improper processing of packets by the Secure Channel security package.
- Browsable web directories.
- Null session (with no login or password) authentication on a remote host.
- Unsupported version of Microsoft SQL Server, etc.
ScienceSoft’s security team documented all issues and offered detailed remediation guidance to address the security gaps. In addition to technical recommendations, ScienceSoft’s security experts recommended social engineering testing to check the security awareness of the Customer’s employees and see if they need training on IT security.
The Customer received detailed reports with the description of detected vulnerabilities, their classification according to the severity and likelihood of exploitation, as well as recommendations on how to mitigate the discovered vulnerabilities. After vulnerabilities were fixed according to the suggested remediation plan, ScienceSoft carried out re-testing and confirmed an increased security level of the Customer’s IT network.
Technologies and Tools
Metasploit, Wireshark, Nessus, Burp Suite, Nmap, w3af, cURL, Nikto, DIRB, SSLScan, custom scripts (Python, C and Perl scripts to exploit vulnerabilities)