Team BAM! Scott Amack, Everett Bloch, Maxine Major
Overview: What is penetration testing? Who uses it and why? Penetration testing tools. Demo.
What is Penetration Testing? Goal: identify holes in computer security. Penetration testing is the identification of vulnerabilities. Penetration testing may or may not include exploitation.
What is Penetration Testing? There are two sources of vulnerabilities to which penetration testing may be applied. Human: physical access to computing systems; untrained / poor decisions; hard to “fix”. Non-human: open/unprotected ports; poor passwords; website vulnerabilities (XSS, etc.).
Who Uses Penetration Testing? Most major companies perform penetration testing on their own services. Average loss is $5.5 million (not including value of data stolen!). FICO - continually pen testing. Data vulnerability management. Market: $400.5 million in 2011, $1 billion expected in 2016 (Businessweek). Penetration testing is more than just using tools.
Penetration Testing: Penetration tester Kevin Bong developed the “Mini Pwner”: a computer the size of an Altoids tin. After being plugged into a company’s Ethernet port, Mini Pwner: runs simple scanning tools; maps a company’s network; creates a VPN connection so a hacker can connect to the router’s wifi and run further exploitation tools. (Forbes, 2012)
Penetration Testing “The easiest way to get into a company is still to walk in looking professional and talk your way into a wiring closet” - Kevin Bong, Synercomm penetration tester
Penetration Testing Tools: Port Scanners, Vulnerability Scanners, Application Scanners
Penetration Testing Tools: Port Scanners. Port scanners gather information about a test target from a remote network location. They tell us what network services are available for connection. A port scanner probes each of the target’s ports or services and scans both TCP and UDP. Probing with TCP allows scanners to find out what OS is running.
Penetration Testing Tools: Port Scanners. Common port scanners include: Nmap, Angry IP Scanner, Superscan, NetScanTools, Unicornscan.
Penetration Testing Tools: Vulnerability Scanners. A vulnerability scanner tests for vulnerabilities on the target system. It not only collects data about ports, it also tests the ports.
Penetration Testing Tools: Commonly used vulnerability scanners: Nessus, Core Impact, Nexpose, QualysGuard, Retina, Nipper, SAINT.
Penetration Testing Tools: Application Scanners. An application scanner targets web-based applications. It probes each page of a web-based application and attempts common attacks on each page. Tests for exposure to: buffer overruns, cookie manipulation, SQL injection, XSS.
Penetration Testing Tools: Commonly used application scanners: Appscan, Nikto, WebInspect, w3af, Paros proxy, WebScarab, sqlmap, skipfish.
The Future of Penetration Testing: Idappcom developed the software Traffic IQ as an attempt to replace penetration testing companies. Data comes from Sourcefire, McAfee, Juniper, Cisco, etc. Exploits come from Metasploit, Packetstorm and SecurityFocus forums. It can be run continually, rather than as “snapshot” penetration testing. (Just another tool.)
Penetration Test Demo: Tool we will use: Nmap. Goal: discover and gather information on open ports and vulnerabilities on target systems in this laboratory.
Nmap Demo Recap: -sT TCP, -sS SYN, -sU UDP, -sX XMAS, -sN NULL
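Seen from the defending side, each scan type in the recap leaves a distinct pattern of TCP flags on the wire. The detection sketch below is an added example, not part of the original slides; the packet tuples, the documentation-range addresses, the function names and the three-port threshold are constructed assumptions.

```python
from collections import defaultdict

# TCP header flag bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(proto, client_flags):
    """Name the scan type from the packets one source sent to one port."""
    if proto == "udp":
        return "UDP (-sU)"
    first, rest = client_flags[0], client_flags[1:]
    if first == 0:
        return "NULL (-sN)"
    if first == (FIN | PSH | URG):
        return "XMAS (-sX)"
    if first == SYN:
        # Only an open port separates these two: a bare ACK completes the
        # handshake (connect scan); a bare RST drops it half-open (SYN scan).
        if ACK in rest:
            return "TCP connect (-sT)"
        if RST in rest:
            return "SYN half-open (-sS)"
        return "SYN, no handshake seen"
    return "other"

def detect_scans(packets, min_ports=3):
    """Return {source: {scan type: [ports]}} for sources probing >= min_ports ports."""
    convo = defaultdict(list)
    for src, proto, dport, flags in packets:
        convo[(src, proto, dport)].append(flags)
    per_src = defaultdict(lambda: defaultdict(set))
    for (src, proto, dport), flags in convo.items():
        per_src[src][classify_probe(proto, flags)].add(dport)
    return {src: {kind: sorted(ports) for kind, ports in kinds.items()}
            for src, kinds in per_src.items()
            if sum(len(p) for p in kinds.values()) >= min_ports}

# Constructed sample: (source, protocol, destination port, flags sent by source).
SAMPLE = [
    ("198.51.100.7", "tcp", 22, SYN), ("198.51.100.7", "tcp", 22, RST),
    ("198.51.100.7", "tcp", 80, SYN), ("198.51.100.7", "tcp", 80, RST),
    ("198.51.100.7", "tcp", 443, SYN),
    ("198.51.100.9", "tcp", 21, 0), ("198.51.100.9", "tcp", 23, FIN | PSH | URG),
    ("198.51.100.9", "udp", 53, None),
    ("192.0.2.10", "tcp", 443, SYN), ("192.0.2.10", "tcp", 443, ACK),  # normal client
]

if __name__ == "__main__":
    for src, kinds in detect_scans(SAMPLE).items():
        print(src, kinds)
```

The single-port client at 192.0.2.10 stays below the threshold and is not reported, while the two sources touching three ports each are listed with the scan type their flags match.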
Conclusions: Penetration testing must look for both the human and non-human weaknesses of a system. Penetration test your own system before someone else does! Penetration testing tools are useful, but their power is incomplete. Experience is the best tool.
Recap: What is penetration testing? Who uses it and why? Types of penetration testing tools: port scanners, vulnerability scanners, application scanners. Nmap demo.
Questions?
References
Nmap
“Hacker's Tiny Spy Computer Cracks Corporate Networks, Fits In An Altoid Tin” computer-cracks-corporate-networks-fits-in-an-altoid-tin/
“FICO Hacks Itself to Prevent Cybercriminal Attacks” prevent-cybercriminal-attacks
“Organisations can stay cyber secure with fixed-price penetration testing” &Itemid=55
“Idappcom seeks to displace penetration testers” enetration_testers/