|
|
Feel Good About Your Network
|
|
IDsec Limited
31-33 College Road
Harrow, Middlesex
HA1 1EJ
United Kingdom
(Map)
T: 020 8861 2001
F: 020 8861 3433
www.idsec.co.uk
Copyright © 2008
IDsec Ltd
5.08
|
|
|
|
|
|
|
|
|
 |
IDsec can find out how much of your network structure is public
information. This is a valuable precursor to external penetration testing.
|
|
|
|
|
The Internet will offer up a considerable amount of information about
any connected organisation. This includes network allocation
(the “ownership” of blocks of IP addresses) and name registrations
(the mapping of qualified domain names to addresses).
In many cases this information is innocuous - indeed, it may be necessary for
the functioning of the Internet - but there are circumstances where a
potential intruder is offered excessive detail. For example, any
information that implies the nature of internal networks should not
be available to the public.
We can document an organisation's visibility in detail. This
helps a company decide whether it has enough (or too many) domain
names and determine whether it is making the best use of registered
address space. It can also reveal attempts at “passing off”, where a
third party deliberately establishes a domain name that could be
mistaken for a valid client location.
|
|
|
We search regional network allocation directories for address
blocks that appear to be allocated to the organisation. This is
be presented as a list of interesting address blocks, giving
geographical locations and contact details.
At the same time, we list all the publicly advertised hosts
contained in these address blocks or otherwise associated with the
client.
Similarly, we search the various national and international
naming registries for domain names and mail exchange records that
appear to relate to the organisation. This is correlated to the
IP address allocations where possible.
|
|
|
Costs are based purely on the consultancy hours required to carry out
the work. The effort depends on the perceived size of the client
organisation in terms of its Internet presence. As an example, the cost
of an Internet survey for a medium sized company based in the UK, with
a small number of overseas offices and trading mainly under its own
name would be 7 days' consultancy fees.
|
|
|
It is assumed that the client supplies a short list of subsidiary
and associated companies, trading names, abbreviations and any other
relevant search tokens.
We cannot guarantee finding all the Internet address blocks used by
an organisation, particularly if they have been registered by a third
party such as an ISP. It is not possible (as part of this service)
for us to determine whether
address blocks or domain names are in active use.
|
|
|
We supply address block, host and domain information in tabular
format for easy reference, together with our conclusions. This can be
made available in suitable electronic form if necessary.
|
|
|
Network visibility projects that we have carried out include:
A City financial institution with offices around the world
commissioned us to find all the domains and network blocks that had
been registered in its name. We were also asked to find all the mail gateways into
the organisation.
We undertook an Internet Visibility review for one of the largest UK
telecoms companies. This was a particularly challenging task, in that
many of the names and networks had been registered by companies that
had subsequently been bought by our client.
|
|
|
|
Network Penetration Testing
|
|
External penetration testing puts us in much the same position as a potential
intruder, trying to break into the Internet gateway and systems behind it.
|
|
|
On-Site Gateway Review
|
|
An on-site review of an Internet gateway that goes beyond a simple
external scan and looks for strength in depth.
|
|
|
Superwalk: Automated Monitoring
|
|
Superwalk runs regular scans of an Internet gateway, and
characterises all hosts that give any IP response. It also uses
a number of tools to find specific vulnerabilities in the
services offered.
|
|
|
|
