Penetration Testing for Network Routers and Switches
Networking equipment presents a key area of concern for today’s IT security organizations based on its highly strategic role in isolating sensitive systems and data from unauthorized access. For instance, given control of a router’s configuration, an attacker could gain access to other networks that otherwise would not be detectable. Likewise, an attacker with command of a switch could quietly steal and manipulate data, as well as inject their own malicious data into switch traffic.
Quickly Identify and Profile Network Devices in Your Environment
The Information Gathering step of iNet|Detect’s Network Device Penetration locates and profiles routers and switches found on your network. If it is able to discern the operating system of a target and confirm it to be a network device, it attempts to gather additional information and presents the device as a potential target for attack and penetration.
- Identify and fingerprint devices to determine manufacturer, device model/type, and operating system details.
- Determine the inputs on which the device accepts connections or instructions, including SNMP, Telnet, HTTP, etc.
- Discover and test the security of broadcasting devices.
Replicate Real-World Attacks Against Routers and Switches
Unfortunately, network uptime is often prioritized over security. This is especially evident when devices are given simple passwords, or worse, left with default passwords. iNet|Detect’s attack modules reveal exposed devices via dictionary attacks that attempt to guess usernames and passwords to gain access to the device – replicating a common technique employed by actual attackers.
Safely Demonstrate Ramifications of a Compromised Network Device
When we are able to gain access to a network device, we can demonstrate risks to the network that occur subsequent to the initial compromise. Since making material changes to a switch or router’s configuration can seriously disrupt users and networks, Network Device Penetration can demonstrate a breach without interrupting a device’s operation in the following non-aggressive ways:
- Get Configuration: Attempts to retrieve the configuration file of the device and optionally try to crack any passwords that are in use.
- Set Device Name: Renames the network device. This won’t disrupt the operation of the device, but it can be an eye-opening display of its vulnerability to malicious attacks.
- Interface Monitoring: Takes advantage of a legitimate monitoring feature included in many switches, enabling the tester to demonstrate how attackers could intercept copies of data packets.
- Access List Piercing: Compromises a router’s network visibility filtering, allowing us to access networks that were previously off-limits.
Use Network Device Penetration Reports as a Tool for Remediation
As with all penetration testing vectors in Network Device Penetration, you can view the results of network device assessments in clear and actionable reports. Information about network device exposures is included in several Network Device Penetration reports, including:
- Vulnerability Report: Provides specific details about all the weaknesses successfully exploited during penetration testing and how those flaws can be used by attackers to obtain control of a tested system and establish a beachhead for subsequent activity.
- Activity Report: Presents a detailed log of all testing activity, including the relevant data that organizations might need to share with auditors reviewing their security programs.
- Executive Report: Offers a high-level, aggregated view of penetration tests performed, an understanding of how ubiquitous vulnerabilities are, where they reside, how they can be exploited, and where to begin remediation efforts.



