My financial services company has contracted an external auditing firm to carry out a Penetration Testing on our network.
Can someone walk me through what penetration testing will seek to test on our network, and the steps I should take to secure the network and prevent successful penetration. We have PIX 525 firewalls and IPS.
It will depend on the type of pen test that has been commissioned. A black box test is where the contractor is given nothing more than, say, the company name and they will attempt to gain unauthorised access to your systems using a variety of techniques, possibly including social engineering.
A white box test means that the contractor will have more detailed inside information and they may be able to tailor their attacks to your particular system. It all depends on how far the contractor is allowed to go.
You should watch out primarily for recon attacks such as port scans on your external firewalls. That will give you a heads up that the test is in progress. In terms of securing against it, make sure that your firewalls are as tight as possible.
Keep a very close eye on your IPS console, and of course follow the procedures in your security policy when you notice anything suspicious - that's part of the test.
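The recon detection the answer above recommends (watching the external firewall for port scans) can be automated against the firewall's own deny messages. The following is an added example, not code from the original post or from Cisco: it parses constructed sample lines in the style of PIX/ASA `%PIX-4-106023` deny messages and flags any source that touches many distinct destination ports within a short window. The addresses, hostname `fw01`, access-group name and thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in the style of PIX/ASA deny messages (hypothetical
# RFC 5737 addresses). Three sources: a fast scanner, a host retrying one port,
# and a host touching three ports hours apart.
def _deny(hms, src, sport, dport):
    return (f"Mar 10 {hms} fw01 %PIX-4-106023: Deny tcp src outside:{src}/{sport} "
            f"dst inside:10.0.0.4/{dport} by access-group \"outside_in\"")

_SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
_LINES = [_deny(f"09:15:{i:02d}", "192.0.2.5", 54000 + i, p)
          for i, p in enumerate(_SCAN_PORTS)]
_LINES += [_deny(f"09:16:{s}", "198.51.100.7", 41000 + s, 445) for s in (10, 20, 30)]
_LINES += [_deny("08:00:00", "203.0.113.9", 50001, 22),
           _deny("10:30:00", "203.0.113.9", 50002, 80),
           _deny("12:45:00", "203.0.113.9", 50003, 443)]
# A non-deny message the parser must skip (constructed).
_LINES.append("Mar 10 09:15:05 fw01 %PIX-6-302013: Built inbound TCP connection 12345 "
              "for outside:198.51.100.20/40000 to inside:10.0.0.4/443")
SAMPLE_LOG = "\n".join(_LINES)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ %PIX-4-106023: Deny (?P<proto>\w+) "
    r"src \S+:(?P<src>[\d.]+)/\d+ dst \S+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

WINDOW = timedelta(seconds=60)   # sliding window per source address
THRESHOLD = 10                   # distinct destination ports that trigger an alert


def parse_deny_lines(text):
    """Yield (timestamp, src, dst, dport) for every line matching the deny format;
    other message types are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less syslog stamp
        yield ts, m["src"], m["dst"], int(m["dport"])


def detect_port_scans(text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: max_distinct_ports} for sources that were denied on at least
    `threshold` distinct destination ports inside any `window`-long interval."""
    events = sorted(parse_deny_lines(text), key=lambda e: e[0])
    recent = defaultdict(deque)   # src -> deque of (ts, dport) inside the window
    alerts = {}
    for ts, src, _dst, dport in events:
        q = recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold:
            alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for src, n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports within {WINDOW.seconds}s")
```

Run against a syslog export from the firewall, the script reports only the scanner (`192.0.2.5`, 12 ports in one minute); the host retrying port 445 and the host probing three ports hours apart stay below the threshold. Tune `WINDOW` and `THRESHOLD` to the normal background noise on your outside interface before the test begins, so the recon phase stands out instead of drowning in routine denies.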
As already mentioned, the breadth and quality of a third-party penetration test varies depending on the goal (and how much you paid). Typically, if it's the "certify that we're compliant on a quarterly basis" kind of pen test, it involves little more than a vulnerability scan with something like Nessus (and hardly any manual verification). You should be doing that already, so no big deal, right? ;-)
At the other end of the spectrum, they may do social engineering, physical attacks like trying to get into a building or dropping USB sticks in the parking lot, and "intelligent human being" application-level testing (SQL injection, XSS, etc.). IMO, the further up the stack they get (app-level testing), the less likely you'll be able to detect/stop it at the network layer. A simple thing called SSL/TLS usually prevents your IPS from being useful at all. All of this is almost always coordinated well in advance because the third party has to protect itself.
Is there an expectation that they'll be testing your security controls (i.e. firewall and IPS)? I would recommend a pre-emptive Nessus scan of your external network.