Network Security Assessment Using Internal Network Penetration Testing Methodology

The development of information technology is a new challenge for computer network security systems and the information contained in them, yet the level of awareness of the importance of network security systems is still very low. According to a survey conducted by Symantec with a total of 3,300 companies worldwide as respondents, only 13% of respondents consider renewing an existing security system within a year to be important. This lack of awareness results in the emergence of security holes that can be used by crackers to enter and disrupt the stability of the system. Every year cyber-attacks increase significantly, so every year there is a need to improve the security of the existing system. Based on that, a method is needed to periodically assess system and network security by using penetration testing methods to find any vulnerabilities that exist on the network and on a system, so as to increase security and minimize theft or loss of important data. Testing is carried out by using the internal network penetration testing method, which tests using 5 types of attacks. From the results of the tests, each system has a security risk of 20-80%. From the results of these tests it can be concluded that each system has a security vulnerability that can be attacked.


I. INTRODUCTION
The development of information technology has an important role in people's lives. With technology always undergoing change, information security becomes an important factor (Mason, 1986). The value of information often means that it may be accessed only by certain people who have authority, so the fall of information into the hands of unauthorized parties can cause harm to the information owner. For example, a lot of important information in a company is only allowed to be known by certain people in the company, such as information about products that are under development and the algorithms and techniques used to produce these products. For this reason, the security of the information system used must be guaranteed and in accordance with existing standards.
The development of information technology is a new challenge for computer network security and information systems. According to a survey conducted by Symantec with a total of 3,300 companies worldwide as respondents, only 13% of respondents consider renewing an existing security system within a year to be important (Symantec State of Security Survey, 2011). This lack of awareness results in the emergence of security holes that can be used by crackers to enter and disrupt the stability of the system.
Cyber attacks have caused various thefts of personal data. In government offices nearly 21.5 million people have experienced theft of data from office computers. In addition to government offices, attacks also occur in banks around the world. These cyber attacks started at the end of 2013 and have stolen about 1 trillion US Dollars. More than 100 banks in 30 countries have been affected by cyber attacks. The hacker installs spyware on a computer used by bank employees, observes how the employees work, and secretly transfers money to bank accounts used for the theft. According to brearchieveindex.com, from 2013 to June 2015 more than 3 billion data records were lost or stolen, involving all types of sectors such as retail, government, education, financial and others.

A. Network Security
Network security is very important to monitor network access and prevent unauthorized use of network resources. Network security tasks are controlled by the network administrator. Security aspects are defined by five points. Confidentiality requires that information can only be accessed by those who have authority. Integrity requires that information can only be changed by those who have the authority. Availability requires that information be available to parties who have the authority when needed. Authentication requires that the sender of information be identified correctly and that there is a guarantee that the identity obtained is not false. Nonrepudiation requires that both senders and recipients of information cannot deny sending and receiving messages.

B. Penetration Testing
Penetration testing is a method used to evaluate the security of a system or computer network by performing an attack simulation. In the OWASP methodology, Web Application Security Testing focuses only on the security of web applications, where the process involves actively analyzing web applications to find weaknesses and technical defects. Security issues that have been discovered are given to the system owner in a report that contains information about the estimated impacts as well as technical solutions to these problems.
Penetration testing has proven effective in helping to deal with security issues on the network. Penetration testing techniques are not only aimed at applications, but can also be applied to networks and operating systems, where the main purpose is to find and then try to exploit vulnerabilities in certain technologies that are known or were detected in previous evaluations. There are 3 types of penetration testing, namely:
This research uses the internal network penetration testing method. The steps that will be carried out in this research can be seen in the picture below.

IV. PENETRATION TESTING

a. Scope of Project
The scope of testing is the servers on the internal network; there are 5 servers in one network. The IP network of the internal network is X.X.X.0/24. The following is the list of server IPs that will be tested. The above IP addresses were taken by scanning hosts through the internal network using the white box method. Each of these IPs represents an existing server. Only 5 machines are taken as examples for testing. Some of the things tested in the server penetration testing on the internal network are as follows. The ID is used to provide an identity for the security holes that are found later in the system. It is important that this is applied to evaluate a system or server based on the internal network.

b. Information Gathering
This information is obtained using the Zenmap tool with the banner grabbing method to get all information about the machines.

c. Penetration Testing

1. Penetration Testing on S1 Machine
After getting information about the target, the test proceeds with the vulnerability analysis method, which analyzes the weaknesses of the system that can be exploited during the attack session. Based on the information above, the web application uses WordPress version 4.24. The examiner then enters the WordPress login page for enumeration to get information about the username and password.

Fig. 3 Enumeration Username Using Wpscan
In this case, the username is obtained, but the password cannot be found because the combination of characters in the password is difficult to crack. The test continued by finding the weaknesses of the web server using the OWASP ZAP tool. Based on the picture above, 5 weaknesses were found in the web scripting section that can be exploited later using the Cross Site Scripting attack type. The next test is a DOS attack. Based on the information that the machine uses the XMLRPC protocol in the application, the testers can attack through the protocol to overload and flood the server by sending a lot of requests in a short time. The attack was carried out using the Metasploit tool with the wordpress xmlrpc dos module, making a lot of requests to the server. After the DOS attack was performed, the database connection on the server went down. Consequently the web could not be accessed for a while.
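A defender can recognise the request flood described above in the web server's access log. The following is an added example, not code from the paper: it flags any client that sends more than a threshold number of POST requests to xmlrpc.php inside a sliding time window. The combined access-log layout, the threshold, the window length and the sample log lines (including the 10.0.0.x addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Apache/nginx "combined" access-log layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse(line):
    # Returns (ip, timestamp, method, path without query string) or None.
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def xmlrpc_bursts(lines, threshold=20, window_s=10):
    """First time each client IP exceeded `threshold` POSTs to xmlrpc.php in `window_s` s."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)    # ip -> timestamps still inside the window
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue               # skip lines that are not access-log records
        ip, ts, method, path = rec
        if method != "POST" or not path.endswith("/xmlrpc.php"):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # expire requests older than the window
            q.popleft()
        if len(q) > threshold:
            alerts.setdefault(ip, ts)
    return alerts

def sample_log():
    """Constructed log lines: one flooding client, one normal client."""
    stamp = "[12/Mar/2019:10:00:{:02d} +0700]"
    req = '{} - - {} "POST /xmlrpc.php HTTP/1.1" 200 370'
    lines = [req.format("10.0.0.50", stamp.format(i // 10)) for i in range(40)]
    lines += [req.format("10.0.0.7", stamp.format(s)) for s in (0, 15, 30)]
    lines.append('10.0.0.7 - - ' + stamp.format(31) + ' "GET /index.php HTTP/1.1" 200 5120')
    lines.append("not an access-log line")
    return lines

if __name__ == "__main__":
    print(xmlrpc_bursts(sample_log()))
```

The same sliding-window count can feed a rate limit or a block rule for xmlrpc.php once a suitable threshold for legitimate clients is known.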

Penetration Testing on S2 Machine
There are several security weaknesses that can be exploited. The testing scenario on this server is to get data from the web application. These data can be used by people who are not responsible for the application. This can lead to weaknesses in data integrity and confidentiality. Testers try to sign in using default authentication on the login page. The server contains XSS weaknesses, so the testers try to insert some characters to disguise authentication so that the login process can go through. Then the tester tries to retrieve data from the application based on the unprotected URL directory of the server. Access to the directory is shown in the following picture. The URL directory used to access confidential data is not protected. This causes data exploitation. Therefore, add authentication for access to the URL directory in the system.

V6: The server can be injected using the XSS method to disguise the username and password so that it can escape session authentication.

Penetration Testing on S3 Machine
For the S3 machine, privilege escalation is performed on the login page using the default username and password to enter the system. The tester successfully entered the system. This is a security gap that needs to be fixed, because if an unauthorized user can enter the system, the settings can be damaged. Consequently the infrastructure and services on the network do not run optimally.

Penetration Testing on S4 Machine
After the examiner visits the IP through the browser, the system page is found to have no protection, so it can be accessed by anyone. This is very dangerous for the system, because an unauthorized user can configure and take over the system.

ID of Vulnerable Detect: V1
Recommendation: There is no protection on the application, so it can be accessed by anyone. Therefore, add protection to the system, such as authentication with a combination of characters that is difficult for hackers to obtain.

From the results of testing the level of security on the network, each device has a vulnerability level of 20%-80%. 60% of the devices that have been tested can be attacked using XSS attacks, and 60% use the default username and password for the login process to the system.

V. CONCLUSIONS
From the results of penetration testing it can be concluded that almost every device has a weakness and can be attacked. For this reason several recommendations are given so that device security can be improved.

Fig. 2 Methodology
a. Literature Review, by reading and understanding the literature in the form of books, sites, and scientific works related to network security and penetration testing.
b. In the pre penetration testing stage, network security analysis is performed, and then it is determined which components need to be assessed in the network.
c. Penetration Testing, at this stage the assessment is carried out by using various tests on security loopholes contained in the system and exploiting the current system.
d. Reporting, after completing the assessment of the security of the system, a report is made based on the results of the assessment, with recommendations on the security risks found in the system.

Fig. 4 Finding Vulnerable Using OWASP Zap Tools

Fig. 5 XSS Attack on TI Web Server

Fig. 6 DOS Attacking using Metasploit Tools
After the attack was carried out, a lot of network traffic was drawn on the following etherape tools.

Fig. 7 Network Traffic Monitoring Using Etherape Tools

Fig. 9 Wrong Default Username and Password

Fig. 10 Inject Query to Login Page

Fig. 11 Data from Directory Server

Fig. 12 Testing Default Password on Baseline Switch Server

Fig. 13 Successfully entered the system

Fig. 14 Create New User in System
Testers can add users as administration to configure the system.

Fig. 15 Enter a System without protection

TABLE XI EVALUATION AND RECOMMENDATION FOR S4 MACHINE