Today, providing customers, employees, partners and suppliers with remote access to the corporate network and applications has become a business necessity. However, a misconfigured remote access implementation is a direct route into your corporate data. It is essential for your business to properly secure its remote access services, so that malicious entities cannot gain unauthorised access to your internal infrastructure.
The Remote Access Infrastructure Testing Methodology is divided into three distinct phases: Profiling, Assessment and Exploitation.
Additionally, testing will be performed on the supporting infrastructure of the hosts and systems within scope (see the External/Internal Infrastructure Methodology for more details).
Profiling Phase
Information Gathering (Reconnaissance) techniques such as Enumeration, Footprinting and Fingerprinting will be performed to gather as much information as possible about the customer’s remote access infrastructure.
Specifically, the following techniques will be used to find and assess any security-related information:
Information Gathering (Reconnaissance)

VPN/IPSec | Citrix
Identify Supported Modes (Main, Aggressive) | Enumerate Citrix Applications
Encryption Algorithms and Hashes | Enumerate Citrix Servers
Authentication Protocols (Pre-Shared, Digital Certificates) | Identify Citrix Gateways and Firewalls
Diffie-Hellman Group and Lifetime |
Assessment Phase
Both automated and manual vulnerability assessment will be performed against the customer's remote access infrastructure, based on the information gathered in the Profiling Phase, to ensure that known and previously unknown vulnerabilities are identified.
Specifically, the following vulnerability assessment techniques will be used:
Vulnerability Assessment

VPN/IPSec | Citrix
Lack of Patching – Identifying out-of-date systems and services | Lack of Patching – Identifying out-of-date systems and services
Force Aggressive Mode – Possibilities to enable insecure aggressive mode | ICA/RDP Command Fixation – Possibilities to execute commands through ICA/RDP configuration files
Capture Pre-Shared Key – Possibilities to capture the Pre-Shared Key | Command Execution Through GUI – Possibilities to execute commands through Hotkeys, Shortcuts, Scripts, etc.
Weak IKE/IPSec Transforms – Identify weak IKE/IPSec Transforms |
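The VPN/IPSec columns of both tables above (supported modes, algorithms, DH group and lifetime during profiling; weak transforms, aggressive mode and pre-shared keys during assessment) come down to reading the Phase 1 proposal a gateway accepts. The following is an added Python example, not part of the original methodology: it decodes the raw IKEv1 transform attributes (RFC 2409 encoding) from a constructed sample and flags the weaknesses a reviewer of the gateway configuration would raise; the thresholds it applies are this example's own policy assumptions.

```python
import struct
# IKEv1 Phase 1 attribute codes (RFC 2409, Appendix A); subset used here.
ATTR = {1: "enc", 2: "hash", 3: "auth", 4: "group", 11: "life_type", 12: "life_duration"}
GROUP = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048", 19: "ecp256"}

def parse_attributes(data: bytes) -> dict:
    """Decode the attribute list of an IKEv1 Phase 1 transform payload. Basic (TV)
    attributes set the high bit of the type and carry a 2-byte value; variable (TLV)
    attributes carry a 2-byte length followed by the value."""
    attrs, off = {}, 0
    while off + 4 <= len(data):
        attr_type, field = struct.unpack_from("!HH", data, off)
        off += 4
        if attr_type & 0x8000:        # TV form: 'field' is the value
            value = field
        else:                         # TLV form: 'field' is the length
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        attrs[ATTR.get(attr_type & 0x7FFF, attr_type & 0x7FFF)] = value
    return attrs

def assess(attrs: dict, aggressive_mode: bool) -> list:
    """Flag weaknesses in one accepted proposal. Thresholds (MODP < 2048 bits weak,
    SA lifetime > 86400 s long) are this example's policy assumptions."""
    findings = []
    enc, hsh, grp = attrs.get("enc"), attrs.get("hash"), attrs.get("group")
    if enc == 1:
        findings.append("weak encryption: DES")
    elif enc == 5:
        findings.append("legacy encryption: 3DES")
    if hsh == 1:
        findings.append("weak hash: MD5")
    if grp in (1, 2, 5):
        findings.append("weak DH group: " + GROUP[grp])
    if attrs.get("auth") == 1 and aggressive_mode:   # auth 1 = pre-shared key
        findings.append("aggressive mode with PSK: PSK hash exposed to offline cracking")
    if attrs.get("life_type") == 1 and attrs.get("life_duration", 0) > 86400:
        findings.append("long SA lifetime: %d s" % attrs["life_duration"])
    return findings

# Constructed sample: attribute list of a typical legacy Phase 1 proposal.
SAMPLE = bytes.fromhex(
    "8001 0005"            # Encryption Algorithm = 3DES-CBC
    "8002 0001"            # Hash Algorithm = MD5
    "8003 0001"            # Authentication Method = pre-shared key
    "8004 0002"            # Group Description = 1024-bit MODP (group 2)
    "800b 0001"            # Life Type = seconds
    "000c 0004 00007080"   # Life Duration (TLV) = 28800 seconds
)
```

Running `assess(parse_attributes(SAMPLE), aggressive_mode=True)` on the sample yields four findings; a proposal of AES-CBC, SHA2-256, RSA signatures and group 14 yields none.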
Exploitation Phase
In the Exploitation Phase we attempt to exploit the identified vulnerabilities in order to validate their existence. Both online and offline password cracking techniques (e.g. guessing, dictionary, hybrid and brute-force attacks) will be performed against password hashes (e.g. MD5) and/or authentication points found in the previous steps of testing. Where exploitation succeeds, we will attempt to escalate privileges within the affected applications, hosts and networks.