Penetration Testing Presentation Transcript
1.Penetration Testing
2.Content:
What is a Penetration Test?
The Process and Methodology
Planning and Preparation
Information Gathering and Analysis
Vulnerability Detection
Penetration Attempt
Analysis and Reporting
Cleaning Up
Limitations of Penetration Testing
Conclusion
3.What is Pen Testing:
A great way to identify vulnerabilities that exist in a system or network that already has security measures in place.
Involves the use of attack methods, conducted by trusted individuals, that are similar to those used by hostile intruders or hackers.
This may involve a simple scan of IP addresses to identify machines that are offering services with known vulnerabilities
OR
even exploiting known vulnerabilities that exist in an unpatched operating system.
4.Why?
Two reasons:
To increase upper management awareness of security issues
To test intrusion detection and response capabilities
Helps higher management in their decision-making processes.
Management of an organization might not want to address every vulnerability found in a vulnerability assessment, but because of budget constraints might prefer to address the system weaknesses that are demonstrated through a penetration test.
5.The Process and Methodology
Planning and Preparation
Information Gathering and Analysis
Vulnerability Detection
Penetration Attempt
Analysis and Reporting
Cleaning Up
6.Planning and Preparation
Kickoff meetings must discuss matters concerning the scope and objectives of the penetration test as well as the parties involved.
A clear objective for the penetration test to be conducted.
The scoping of the penetration test is done by identifying the machines, systems and networks, the operational requirements and the staff involved.
The standard format in which results will be presented should also be agreed upon by the penetration testers and the organization.
7.Planning and Preparation
The timing and duration of the penetration tests are an important agenda item.
Example:
Imagine doing a denial of service ‘test’ on a university on the day its students take their online examinations.
One major decision is whether the staff of the organization should be informed before a penetration test is carried out.
8.Information Gathering and Analysis
Information is power
Gather as much information as possible about the targeted systems or networks.
If the intended target has an online website, this is a good place to start your information gathering.
Do a network survey to find the number of systems that are reachable.
Results from a network surveying:
Domain names, server names, Internet service provider information, IP addresses of hosts involved as well as a network map.
9.Information Gathering and Analysis
Helps us determine the domain registry information for the servers, which lets us check the range of IP addresses owned by the targeted organization.
A tool to conduct a network survey is Nmap.
Next task: do port scanning to obtain information about the closed and open ports on the systems or network.
OS fingerprinting
The ideal result of the information gathering and analysis stage should be:
List of systems and IP addresses with information about the operating system, running services and open ports.
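The "ideal result" described above is an inventory of hosts with their operating system, running services and open ports. The following added example (not part of the original slides) builds that inventory from Nmap's grepable (-oG) output and additionally flags hosts that still expose cleartext login services, which are the first candidates for remediation; the scan text is a constructed sample, not a real scan.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in nmap's grepable (-oG) format; not a real scan result.
SAMPLE = "\n".join([
    "# Nmap scan initiated (constructed sample)",
    "Host: 192.0.2.10 (web.example.test)\tStatus: Up",
    "Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, "
    "80/open/tcp//http//Apache httpd 2.4/, 23/closed/tcp//telnet///\t"
    "Ignored State: closed (997)\tOS: Linux 5.X",
    "Host: 192.0.2.20 (files.example.test)\tPorts: 21/open/tcp//ftp//vsftpd 3.0/, "
    "23/open/tcp//telnet///\tOS: Linux 4.X",
    "Host: 192.0.2.30 ()\tStatus: Up",
])

@dataclass
class HostRecord:
    ip: str
    hostname: str
    os: str = "unknown"
    ports: list = field(default_factory=list)   # (port, proto, service, version)

def parse_grepable(text):
    """Build {ip: HostRecord} from -oG output; only open ports are kept."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                                 # skip comment/header lines
        fields = dict(chunk.partition(": ")[::2] for chunk in line.split("\t"))
        ip, hostname = re.match(r"(\S+) \(([^)]*)\)", fields["Host"]).groups()
        rec = hosts.setdefault(ip, HostRecord(ip, hostname))
        rec.os = fields.get("OS", rec.os)
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            # entry layout: port/state/proto/owner/service/rpcinfo/version/
            port, state, proto, _own, svc, _rpc, ver = entry.split("/")[:7]
            if state == "open":
                rec.ports.append((int(port), proto, svc, ver))
    return hosts

def inventory_rows(hosts):
    """The slide's 'ideal result': one row per host with OS, services and ports."""
    rows = []
    for ip in sorted(hosts):
        h = hosts[ip]
        svcs = ", ".join(f"{p}/{pr} {s} {v}".strip() for p, pr, s, v in h.ports)
        rows.append(f"{ip}\t{h.hostname or '-'}\t{h.os}\t{svcs or '(no open ports)'}")
    return rows

def cleartext_logins(hosts):
    """Hosts exposing telnet/ftp (cleartext credentials): prioritise these for fixing."""
    flagged = {}
    for ip, h in hosts.items():
        svcs = sorted({s for _, _, s, _ in h.ports if s in ("ftp", "telnet")})
        if svcs:
            flagged[ip] = svcs
    return flagged
```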
10.Vulnerability Detection
Next step is to determine the vulnerabilities that exist in each system.
Penetration testers (PTs) should have a collection of exploits and vulnerabilities at their disposal for this purpose.
Analysis will be done on the information obtained to determine any possible vulnerability that might exist.
Tools are available that can automate vulnerability detection, e.g. Nessus.
Completion of the vulnerability detection stage will produce a definite list of targets to investigate in depth.
11.Nessus
Nessus is a security scanner that remotely audits a given network and determines whether vulnerabilities exist in it. It produces a list of the vulnerabilities that exist in the network as well as the steps that should be taken to address them.
12.Penetration Attempt
Next stage: identify suitable targets for a penetration attempt.
Estimates of how long a penetration test takes on a particular system are important at this point.
The target chosen to perform the penetration attempt is also important.
13.Example:
Imagine a scenario whereby two penetration testers are required to perform a penetration test on a network consisting of more than 200 machines. After gathering sufficient information and vulnerabilities about the network, they find out that there are only 5 servers on the network and the rest are just normal PCs used by the organization’s staff. Common sense will tell them that the likely targets would be these 5 servers.
14.Penetration Attempt(Contd.)
Password cracking has become a normal practice in penetration tests.
In most cases, you’ll find services such as telnet and ftp running on systems,
which is a good place to start and use our password cracking methods to penetrate these systems:
Dictionary Attack
Brute Force
A tool that can be used to automate telnet and ftp account cracking is Brutus.
15.Other testing attempts:
Social engineering
Ex:
Attacker: “Hi Ms Lee, this is Steven from the IS Department. I’ve found a virus stuck in your mail box and would like to help you remove it. Can I have the password to your email?”
Ms Lee (the secretary): “A virus? That’s terrible. My password is magnum. Please help me clean it up.”
Testing the organization’s physical security
Physical security testing involves penetration testers trying to gain access to the organization’s facility by defeating its physical security.
16.Analysis and Reporting
Next task is to generate a report for the organization.
Contents of the report should be as follows:
1. Overview of the penetration testing process performed
2. Analysis and commentary on critical vulnerabilities that exist in the network or systems
3. Summary of any successful penetration scenarios
4. Detailed listing of all information gathered during penetration testing
5. Detailed listing of all vulnerabilities found
6. Description of all vulnerabilities found
7. Suggestions and techniques to resolve the vulnerabilities found
17.Cleaning Up
Done to clear any mess that has been made as a result of the penetration test.
Cleaning up of compromised hosts must be done securely and without affecting the organization’s normal operations.
The cleanup process should be verified by the organization’s staff to ensure that it has been done successfully.
A good example of a cleanup step is the removal of user accounts that were created on a system from outside as a result of the penetration test.
18.Limitations of Penetration Testing
A penetration test can only identify those problems that it is designed to look for.
If a service is not tested then there will be no information about its security or insecurity.
A penetration test is unlikely to provide information about new vulnerabilities.
Penetration tests are conducted in a limited time period.
19.Conclusions
It is important to make a distinction between penetration testing and network security assessments.
A network security or vulnerability assessment may be useful to a degree, but it does not always reflect the lengths to which hackers will go to exploit a vulnerability.
Penetration tests attempt to emulate a 'real world' attack to a certain degree.
Finally, a penetration test alone provides no improvement in the security of a computer or network. Action must be taken to address the vulnerabilities that are found as a result of conducting the penetration test.
20.Tools Used
Some of the tools that are popularly used for penetration testing are shown in this appendix. The tools below are grouped according to the testing methodologies outlined earlier.
Information Gathering:
Nmap – Network scanning, port scanning and OS detection
hping – Tool for port scanning.
netcat - Grabs service banners / versions.
firewalk - Determining firewall ACLs.
ethereal - Monitoring and logging return traffic from maps and scans.
icmpquery - Determining target system time and netmask.
strobe - Port scanning utility
21.Vulnerability Detection:
Nessus - Scans for vulnerabilities.
URL: http://www.nessus.org/
Acunetix - Web vulnerability scanner.
Penetration Tools:
Brutus – Telnet, FTP and HTTP Password cracker
URL: http://www.hoobie.net/brutus
LC3 – Password cracking utility
URL: http://www.atstake.com/lc3