{"id":400,"date":"2015-11-08T20:45:35","date_gmt":"2015-11-08T20:45:35","guid":{"rendered":"http:\/\/nethemba.com\/sk\/?page_id=400"},"modified":"2019-08-05T12:12:45","modified_gmt":"2019-08-05T11:12:45","slug":"penetracny-test-intranetu","status":"publish","type":"page","link":"https:\/\/nethemba.com\/sk\/sluzby\/sietova-a-systemova-bezpecnost\/penetracny-test-intranetu\/","title":{"rendered":"Intranet penetration test"},"content":{"rendered":"<p>This testing consists of several phases, carried out in accordance with <a href=\"http:\/\/www.isecom.org\/mirror\/OSSTMM.3.pdf\">OSSTMM, Chapter 10 \u2013 Telecommunications Security Testing<\/a>. The tools and procedures used are defined in the <a href=\"http:\/\/www.vulnerabilityassessment.co.uk\/Penetration%20Test.html\">Penetration Testing Framework<\/a>.<\/p>\n<p>The test is performed both from the perspective of a potential anonymous attacker who has physical access to the internal network (without access to AD) and from the perspective of an ordinary company employee (with access to AD).<\/p>\n<p>The testing itself proceeds in four phases:<\/p>\n<ol>\n<li>The first phase is a scan (enumeration) of the complete TCP\/UDP port range (1-65535) of the given active element (server, router). A special anti-IDS scan can be performed, which reduces the chance of its detection by any IDS in place (useful for verifying that the IDS works correctly).<\/li>\n<li>In the second phase, the discovered services and the OS\/IOS versions are identified, and potential vulnerabilities are revealed using a set of specialised testing tools. At the same time, non-standard and encrypted protocols (VPN) and the use of IPv6 are detected. 
This amounts to mapping the local network: the available servers, services, workstations and devices; a port scan of the local network (available SMTP, DNS, SNMP, SQL, HTTP and other services); and gathering information about the target test environment (IP addresses, server names, network topology, &#8230;).<\/li>\n<li>The third phase consists of attacks on the security of the network infrastructure (VLAN, HSRP, routing protocols, STP, &#8230;).<\/li>\n<li>The fourth phase consists of specific attacks on the server, using freely available programs (exploit scripts) against the discovered flaws, in order to verify the real threat posed by the vulnerabilities found. It includes attempts to exploit the available vulnerabilities and insufficient configuration in order to penetrate other systems and devices, escalate user privileges and gain access to resources.<\/li>\n<\/ol>\n<p><strong>Every discovered service is tested in detail for known vulnerabilities that lead to compromise of the server or leakage of sensitive information.<\/strong><\/p>\n<p>The testing covers:<\/p>\n<ul>\n<li><strong>Network infrastructure<\/strong> \u2013 checking IP ACLs, port security\/802.1X, DHCP configuration, the possibility of ARP flooding\/poisoning, verification of the HSRP and SNMP protocols<\/li>\n<li><strong>User password policy<\/strong> \u2013 attempting to change a user password to a simple one (numeric, short, dictionary-based&#8230;) in order to find out whether passwords that do not meet security standards can be set (insufficient password policy), and attempting to uncover the scheme 
used to create passwords for new accounts (arrival of a new employee)<\/li>\n<li><strong>Windows domain<\/strong> \u2013 attempting to map the tree of users, resources and settings via LDAP access, determining whether weak security standards can be used for domain authentication (NTLM), and attempting to obtain domain administrator privileges<\/li>\n<li><strong>External and covert communication channels<\/strong> \u2013 the possibility of using external mail servers, proxy servers and DNS servers to establish covert communication channels (HTTP or DNS tunnels) and to bypass the access policy for untrusted destinations (sending spam, web access outside the corporate proxy server) as well as recording in the security logs, and the resulting potential for information leakage.<\/li>\n<li><strong>Management interfaces and hardware devices<\/strong> \u2013 printers, remote management of servers, switches, copiers, etc.<\/li>\n<li><strong>Access to corporate Exchange mail<\/strong> \u2013 the possibility of using unsecured protocols (IMAP, POP3), enumeration of valid accounts based on the server's error codes, the possibility of sending mail without authorisation (open relay), and verification of the mail server's ability to intercept an e-mail infected with a virus\/trojan that is addressed to a specific user.<\/li>\n<li><strong>DNS zone testing<\/strong> \u2013 in addition to testing for known vulnerabilities in the specific DNS server implementation (BIND, Microsoft DNS server), a consistency test 
of the zones on all specified DNS servers is carried out, together with a check for publicly allowed zone transfers, vulnerability to DNS cache attacks, etc. Detailed penetration tests of every DNS server for the given domain are also performed (including servers outside the client's network \u2013 in that case, however, the consent of the respective operator is required).<\/li>\n<\/ul>\n<p><strong>The testing naturally also includes dictionary and brute-force attacks against the discovered authentication mechanisms.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This testing consists of several phases, carried out in accordance with OSSTMM, Chapter 10 \u2013 Telecommunications Security Testing. The tools and procedures used are defined in the Penetration Testing Framework. 
The test is performed both from the perspective of a potential anonymous attacker who has physical access to the internal network (without access to AD) and from the perspective of an ordinary company employee (with access [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":381,"menu_order":3,"comment_status":"closed","ping_status":"closed","template":"services_detail.php","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-400","page","type-page","status-publish","hentry"]}