1 / 18

Penetration Testing

Penetration Testing. Sam Cook April 18, 2013. Overview. What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade. What is penetration testing?. Penetration Testing or Pen Testing:

finola
Télécharger la présentation

Penetration Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Penetration Testing Sam Cook April 18, 2013

  2. Overview • What is penetration testing? • Performing a penetration test • Styles of penetration testing • Tools of the trade

  3. What is penetration testing? • Penetration Testing or Pen Testing: • The practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit by simulating attacks from both internal and external threats • Goals • Determine the adequacy of security measures • Identify security deficiencies • Recommend training

  4. Why penetration test? • An attacker will find the vulnerability • View network the same way an attacker would • Providing additional insight into security posture • Assess the implementation status of system security • Provide a reference point for corrective action

  5. Penetration Testing is NOT Hacking Hacking Pen Testing • No time limit • No limitations • Unknown objectives • Illegal • Limited time • Well defined scope • Clearly defined goals • Legal

  6. Real world examples • Stuxnet • Used the same infection vector as the Conficker worm • Spread via USB flash drives • Exploited hardcoded passwords • PlayStation Network Breach • Leaked millions of users’ unencrypted personal data • Intruders exploited a vulnerability in application server through a flaw not known to Sony • Suspected to have exploited by a modified PS3 firmware known as Rebug

  7. Performing a penetration test • Phases of a penetration test:

  8. Profiling • Research phase • Passive Reconnaissance • Strategy • Obtain publicly available information on target • Tactics • Query publicly accessible data sources • Observe physical defenses • Covertly survey company and employees

  9. Enumeration • Discovery Phase • Active Reconnaissance • Strategy • Find detailed information • Find possibly vulnerable points of entry • Tactics • Map the network • Analyze and identify each individual host • Survey physical security mechanisms • Compile list of possible entry points for an attacker

  10. Vulnerability Analysis • Systematic examination of vulnerabilities • Procedure • Using all the information gathered in the previous phases, identify vulnerabilities in the system • Tactics • Prioritize analysis of commonly misconfigured services • Use automated tools if applicable/available

  11. Exploitation • Gaining access • Procedure • Verify previously identified vulnerabilities by attempting to exploit them • Show what access can be gain and what assets can be affected

  12. Reporting • The important part • Procedure • Compile findings into a complete report • Include methods as well • Make suggestions to fix vulnerabilities

  13. Styles of Penetration Testing • Blue Team • Tested as a trusted insider with complete access • Perform a through survey of systems with complete access to systems to determine any vulnerabilities or misconfigurations. • Attempts to provide an exhaustive listing of potential vulnerabilities

  14. Styles of Penetration Testing • Red Team • Test done as an external hacker • Attempt to penetrate defenses any way possible • Only attempts to find single point of entry

  15. Pen Testing Tools • Backtrack • Custom Linux Distribution

  16. Pen Testing Tools • Metasploit • Exploitation framework

  17. Pen Testing Tools • Wireshark • Network traffic monitoring tool

  18. Questions?

More Related