
1 Topic 5 Penetration Testing 滲透測試

2 Introduction to Penetration Testing
- Defined as a legal and authorized attempt to locate and exploit the vulnerabilities of systems for the purpose of reducing risks in those systems.
- Penetration testing is also known as pen testing, PT, ethical hacking, or white hat hacking.
- The process includes detecting vulnerabilities as well as providing proof of concept (POC) attacks to demonstrate that the vulnerabilities exist.
- Provides specific recommendations for addressing and fixing the issues that were discovered during the test.

3 Penetration Testing Strategies
Based on the amount of information available to the pen testers, there are three penetration testing strategies: black box, white box and gray box.
Black Box Testing
- Pen testers have no knowledge about the target. They have to figure out the vulnerabilities of the system on their own from scratch.
- Simulates the actions and procedures of a real attacker.
- All they really know are the rules of engagement. For example, social engineering and physical security testing might be permitted, but no Denial of Service is allowed.

4 Penetration Testing Strategies
White Box Testing
- Pen testers have full knowledge of the network, system, and infrastructure they are targeting.
- Simulates a knowledgeable internal threat, such as a disgruntled network administrator or other trusted user.
Gray Box Testing
- Also known as partial knowledge testing.
- Only assumes that the pen testers are insiders. They need to gather further information before conducting the test.
- Because most attacks do originate from inside a network, this type of testing is very valuable and can demonstrate privilege escalation from a trusted employee.

5 Pre-engagement/Preparation
- Define the goal of the test: identifying risks that will adversely impact the organization.
- Scope for the penetration test: agree with the client what you are going to test. Educate the client on what to expect.
- Rules of engagement (ROE): detailed guidelines and constraints regarding the execution of testing. Gives the test team authority to conduct defined activities without the need for additional permissions.
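The scope and ROE agreed in pre-engagement are only useful if every action during the test is checked against them. The following is an added example (not from the slides or any named tool) of a small scope gate a test team could run before each activity; the CIDR ranges and activity names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class RulesOfEngagement:
    in_scope: list             # networks the client agreed to have tested
    excluded: list             # hosts carved out of scope (e.g. a production DB)
    permitted_activities: set  # e.g. {"port_scan", "social_engineering"}
    forbidden_activities: set  # e.g. {"denial_of_service"}

def parse_roe(cfg: dict) -> RulesOfEngagement:
    """Build an ROE object from a plain dict (as loaded from a JSON/YAML file)."""
    return RulesOfEngagement(
        in_scope=[ipaddress.ip_network(c) for c in cfg["in_scope"]],
        excluded=[ipaddress.ip_network(c) for c in cfg.get("excluded", [])],
        permitted_activities=set(cfg["permitted"]),
        forbidden_activities=set(cfg.get("forbidden", [])),
    )

def is_authorized(roe: RulesOfEngagement, target: str, activity: str):
    """Return (authorized, reason). Anything not explicitly permitted is denied."""
    addr = ipaddress.ip_address(target)
    if activity in roe.forbidden_activities:
        return False, f"{activity} is explicitly forbidden by the ROE"
    if activity not in roe.permitted_activities:
        return False, f"{activity} is not listed as permitted; get written approval first"
    if any(addr in net for net in roe.excluded):
        return False, f"{target} is explicitly excluded from scope"
    if not any(addr in net for net in roe.in_scope):
        return False, f"{target} is outside the agreed scope"
    return True, "authorized"

# Constructed sample ROE (documentation address ranges, not a real client).
SAMPLE_ROE = parse_roe({
    "in_scope": ["192.0.2.0/24"],
    "excluded": ["192.0.2.10/32"],
    "permitted": ["port_scan", "social_engineering", "physical_security"],
    "forbidden": ["denial_of_service"],
})

if __name__ == "__main__":
    for target, action in [("192.0.2.5", "port_scan"), ("192.0.2.10", "port_scan"),
                           ("192.0.2.5", "denial_of_service"), ("198.51.100.3", "port_scan")]:
        print(target, action, is_authorized(SAMPLE_ROE, target, action))
```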

6 Five Phases of a Penetration Test
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

7 Five Phases of a Penetration Test
Phase 1 - Reconnaissance
- Gathering as much information as possible about the target of evaluation.
- A passive reconnaissance approach is taken and will not raise any alarms (whois, nslookup, company website, Google).
Phase 2 - Scanning
- With the information gathered, the goal of scanning is to apply tools and techniques to learn as much technical data about the systems as possible.
- Live hosts are found and the network is footprinted. Services that are available are confirmed, the operating system of each platform is verified, and vulnerabilities are assessed.

8 Five Phases of a Penetration Test
Phase 3 - Gaining Access
- True attacks are carried out against the targets.
- Examples of attacks: accessing an open and non-secured wireless access point, delivering a buffer overflow or SQL injection against a web application.
Phase 4 - Maintaining Access
- Attempting to ensure penetration testers have a way back into the compromised machine or system.
- Back doors are left open for future use; a sniffer is placed on a compromised machine to watch traffic on a specific subnet.
- Access can be maintained through the use of Trojans, rootkits, or any number of other methods.

9 Five Phases of a Penetration Test
Phase 5 - Covering Tracks
- Attempting to hide attack activities from detection by security professionals.
- Steps range from removing or altering log files, hiding files with hidden attributes or directories, and even using tunneling protocols to communicate with the system.
- Sometimes even simply corrupting the log files: files get corrupted all the time, and chances are that the administrator will not be aware of the problem.
- Good pen testers should make sensible judgments in this phase.
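The defensive counterpart to this phase is making logs tamper-evident so that altered, deleted or "corrupted" entries are noticed. The following is an added example (not from the slides) of an HMAC-chained log and its verifier; the key, log lines and function names are constructed for illustration, and the key would in practice be held by a remote collector rather than the monitored host.

```python
import hmac
import hashlib

# Constructed demo key; a real deployment keeps it off the monitored host.
KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64

# Constructed sample log lines in syslog style (documentation IP ranges).
SAMPLE_LINES = [
    "Jan 10 09:12:01 host sshd[401]: Accepted publickey for ops from 192.0.2.7",
    "Jan 10 09:15:44 host sudo: ops : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
    "Jan 10 09:16:02 host sshd[455]: Failed password for root from 198.51.100.9",
    "Jan 10 09:20:13 host sshd[401]: session closed for user ops",
]

def _tag(prev_tag: str, message: str, key: bytes) -> str:
    # Each tag covers the previous tag, so editing or dropping an entry breaks every later tag.
    return hmac.new(key, prev_tag.encode() + message.encode(), hashlib.sha256).hexdigest()

def append_entry(chain: list, message: str, key: bytes = KEY) -> list:
    """Append (message, tag) to the chain, linking it to the previous entry."""
    prev = chain[-1][1] if chain else GENESIS
    chain.append((message, _tag(prev, message, key)))
    return chain

def verify_chain(chain: list, key: bytes = KEY):
    """Return (intact, index). index is the first entry whose tag fails, or -1 if all verify."""
    prev = GENESIS
    for i, (message, tag) in enumerate(chain):
        if not hmac.compare_digest(_tag(prev, message, key), tag):
            return False, i
        prev = tag
    return True, -1

def last_tag_matches(chain: list, expected_last_tag: str) -> bool:
    """Chain verification alone cannot see entries removed from the tail; compare the
    head tag against the value the remote collector recorded to catch truncation."""
    current = chain[-1][1] if chain else GENESIS
    return hmac.compare_digest(current, expected_last_tag)

def build_sample_log() -> list:
    chain = []
    for line in SAMPLE_LINES:
        append_entry(chain, line)
    return chain
```

Altering or deleting an entry in the middle is reported at that index; deleting the newest entries passes verify_chain and is only caught by the out-of-band head comparison.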

10 Demonstration - Reconnaissance
DNS Zone Transfer (nslookup)

11 Demonstration - Reconnaissance
Using DNSstuff

12 Demonstration - Scanning
Using Netsparker web application security scanner

13 Demonstration - Gaining Access
Using Metasploit

14 Demonstration - Maintaining Access
Using Metasploit Persistent Backdoor

15 Penetration Testing Tools
Tool - Purpose
- Nmap: network and port scanning, OS detection
- Netcat: port scanning, transferring files, a backdoor
- Nessus: detect vulnerabilities and misconfiguration, dictionary attack, denial of service
- Metasploit Framework: develop and execute exploit code against a remote target, test vulnerabilities
- SuperScan: port scanning, run queries like whois, ping, and hostname lookups
- Netsparker: web application security scanner

16 Benefits of Penetration Testing
- Helps safeguard the organization against failure by preventing financial loss.
- Proving due diligence and compliance to industry regulators (HKMA), customers and shareholders.
- Preserving corporate image and justifying information security investment.
- Helps shape information security strategy through quick and accurate identification of vulnerabilities.
- Proactive elimination of identified risks.
- Implementation of corrective measures and enhancement of IT knowledge.

17 Reporting
Executive Summary
- Communicates to the reader the specific goals of the pen test and the high-level findings of the testing exercise.
Technical Report
- Presents the technical details of the test and all of the aspects/components agreed upon as key success indicators within the pre-engagement exercise.
- Describes in detail the scope, information, attack path, impact and remediation suggestions of the test.
Sample Report

18 Standards and Regulations

19 Standards and Regulations
HKMA - Management of Security Risks in Electronic Banking Services
