1
Penetration Testing
Chao-Hsien Chu, Ph.D.
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802
chu@ist.psu.edu
2
Objectives
This module will familiarize you with the following:
  What does a malicious hacker do?
  Types of security tests.
  What is penetration testing?
  Why penetration testing?
  Legal aspects of penetration testing.
  Vulnerability assessment vs. penetration testing.
  How to conduct penetration testing?
  Tools for penetration testing.
3
Readings
  NIST, “Guideline on Network Security Testing,” Special Publication 800-42, 2003, Sec. 3-10. (Required)
  Wikipedia, “Penetration Test,” http://en.wikipedia.org/wiki/Penetration_test
  Herzog, P., “OSSTMM – Open-Source Security Testing Methodology Manual,” V. 2.2, ISECOM, 2006.
  Layton, Sr., T. P., “Penetration Studies – A Technical Overview,” SANS Institute, 2001.
  NIST, “Technical Guide to Information Security Testing and Assessment,” Special Publication 800-115, September 2008.
  Northcutt, S., Shenk, J., Shackleford, D., Rosenberg, T., Siles, R. and Mancini, S., “Penetration Testing: Assessing Your Overall Security Before Attackers Do,” SANS Analyst Program, June 2006.
4
What Does a Malicious Hacker Do?
  Reconnaissance: active/passive
  Scanning
  Gaining access: operating-system level, application level, network level, denial of service
  Maintaining access: uploading/altering/downloading programs or data
  Clearing tracks
5
Attack phases from the adversary's perspective, and the defensive phases they map to (diagram flattened in extraction):
  Adversary's phases: Reconnaissance, Scanning, System Access, Damage, Clear Tracks
  Example activities: web-based information collection, social engineering, broad network mapping, targeted scan, service vulnerability exploitation, password cracking, DDoS, code installation, system file deletion, use of stolen accounts for attack, log file changes
  Defensive phases: Preventive Phase (Defense), Proactive Security (Real Time), Reactive Security (Incident Response)
  Output of the exercise: Penetration Testing Report (Recommendation for Security)
6
Types of Attacks
The ways a hacker uses to gain access to a system can be classified as:
  Operating system attacks. Attackers look for OS vulnerabilities (via services, ports and modes of access) and exploit them to gain access.
  Application-level attacks (programming errors; buffer overflows).
  Shrink-wrap code attacks. An OS or application often ships with sample scripts for administration. If these scripts are not properly fine-tuned, they can lead to default-code or shrink-wrap code attacks.
  Misconfiguration attacks. Systems that should be fairly secure are hacked into because they were not configured correctly.
11
Security Testing Techniques
  Network scanning
  Vulnerability scanning
  Password cracking
  Log review
  Integrity checkers
  Virus detection
  War dialing
  War driving (802.11 or wireless LAN testing)
  Penetration testing
Often, several of these testing techniques are used together to gain a more comprehensive assessment of the overall network security posture. (NIST SP 800-42, 2003)
12
Security Testing Methods
Every organization uses different types of security testing methods to validate the level of security of its network resources. OSSTMM compares the following methods on two axes, how thorough and how accurate each one is:
  Penetration Testing
  Ethical Hacking
  OSSTMM Security Test
  Vulnerability Scanning
  Hands-on Audit
(OSSTMM, 2006)
13
What is Penetration Testing? A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. (Source: http://en.wikipedia.org/wiki/Penetration_test)
14
Why Penetration Testing?
  Computer-related crime is on the rise.
  Find holes now before somebody else does.
  Report problems to management.
  Verify secure configurations.
  Security training for network staff.
  Discover gaps in compliance.
  Testing new technology.
(Source: Northcutt et al., 2006)
15
Legal Aspects of PT
U.S. Cyber Security Enhancement Act 2002: life sentences for hackers who “recklessly” endanger the lives of others.
U.S. Statute 1030, Fraud and Related Activity in Connection with Computers: whoever intentionally accesses a protected computer without authorization and, as a result of such conduct, recklessly causes damage or impairs medical treatment, can receive a fine or imprisonment of five to 20 years.
Attacking a network from the outside carries ethical and legal risk to you, the tester, and remedies and protections must be spelled out in detail before the test is carried out. Thus, it is vital that you receive specific written permission to conduct the test from the most senior executive.
16
Legal Aspects of PT
Your customer also requires protection measures. You must be able to guarantee discretion and non-disclosure of sensitive company information by demonstrating a commitment to the preservation of the company's confidentiality. The designation of red and green data classifications must be discussed before the engagement, to help prevent sensitive data from being redistributed, deleted, copied, modified or destroyed. The credibility of your firm as to its ability to conduct the testing without interruption of the customer's business or production is also of paramount concern. You must employ knowledgeable engineers who know how to use minimal-bandwidth tools to minimize the test's impact on network traffic.
17
Vulnerability Assessment
  Vulnerability assessment scans a network for known security weaknesses.
  Vulnerability scanning tools search network segments for IP-enabled devices and enumerate systems, operating systems, and applications.
  Vulnerability scanners can test systems and network devices for exposure to common attacks.
  Vulnerability scanners can identify common security configuration mistakes.
18
Limitations of Vulnerability Assessment
  A vulnerability scanning tool is limited to the vulnerabilities it can detect at a given point in time.
  A vulnerability scanning tool must be updated when new vulnerabilities are discovered or improvements are made to the software being used.
  The methodology used and the diverse vulnerability scanning tools assess security differently, which can influence the result of the assessment.
19
Vulnerability Assessment vs. Penetration Test
Vulnerability assessment is a process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. It reveals potential security vulnerabilities or changes in the network which can be exploited by an attacker with malicious intent.
A penetration test is a method of evaluating the security state of a system or network by simulating an attack from a malicious source. This process involves identification and exploitation of vulnerabilities in a real-world scenario; such vulnerabilities may exist in the systems due to improper configuration, known or unknown weaknesses in hardware or software systems, operational weaknesses, or loopholes in deployed safeguards.
20
Types of Security Tests
A matrix (flattened in extraction) with two axes: the attacker's knowledge of the target, and the target's knowledge of the attack. The test types placed on it are:
  Blind
  Double Blind
  Gray Box
  Double Gray Box
  Tandem
  Reversal
Related labels: Black Box, White Box, Red team, Blue team.
22
Penetration Testing Process (NIST SP 800-42, 2003)
Phases: Planning, Discovery, Attack (with loops back to Additional Discovery), Reporting.
Discovery steps: reconnaissance, scanning, enumerating.
Attack steps: gaining access, escalating privilege, system browsing, actions.
Typical root causes found: lack of security policy, poorly enforced policy, misconfiguration, software reliability, failure to apply patches.
23
Discovery Phase of PT
Activities: footprinting, port scanning, enumerating.
Steps:
  Gather initial information
  Determine the network range
  Identify active machines
  Discover open ports and access points
  Fingerprint the operating system
  Uncover services on ports
  Map the network
Tools named on the slide: Whois, SmartWhois, NsLookup, Sam Spade, NMap, Ping, Traceroute, Superscan, Netcat, NeoTrace, Visual Route.
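As an added example (not part of the original slides), a defender's counterpart to the "identify active machines" and "discover open ports" steps above: a small Python script that reads constructed firewall DENY records and flags a source that probes many ports on one host (vertical scan) or one port across many hosts (horizontal scan). The log format, RFC 5737 documentation addresses and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed firewall-style records (not from any real device). A real
# detector would also bound the counts by a time window.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2024-05-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2024-05-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=25
2024-05-01T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=80
2024-05-01T10:00:10 DENY src=198.51.100.4 dst=192.0.2.10 dport=445
2024-05-01T10:00:10 DENY src=198.51.100.4 dst=192.0.2.11 dport=445
2024-05-01T10:00:11 DENY src=198.51.100.4 dst=192.0.2.12 dport=445
2024-05-01T10:00:11 DENY src=198.51.100.4 dst=192.0.2.13 dport=445
2024-05-01T10:00:12 DENY src=198.51.100.4 dst=192.0.2.14 dport=445
2024-05-01T10:00:20 ALLOW src=192.0.2.50 dst=192.0.2.10 dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse_events(log_text):
    """Yield (src, dst, dport) for every DENY line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("action") == "DENY":
            yield m.group("src"), m.group("dst"), int(m.group("dport"))

def detect_scans(log_text, port_threshold=5, host_threshold=5):
    """Return sorted (src, kind, target, count) findings.
    vertical:   one source hits >= port_threshold distinct ports on one host
    horizontal: one source hits one port on >= host_threshold distinct hosts"""
    ports_by_src_dst = defaultdict(set)   # (src, dst) -> distinct dports
    hosts_by_src_port = defaultdict(set)  # (src, dport) -> distinct dsts
    for src, dst, dport in parse_events(log_text):
        ports_by_src_dst[(src, dst)].add(dport)
        hosts_by_src_port[(src, dport)].add(dst)
    findings = []
    for (src, dst), ports in ports_by_src_dst.items():
        if len(ports) >= port_threshold:
            findings.append((src, "vertical", dst, len(ports)))
    for (src, dport), hosts in hosts_by_src_port.items():
        if len(hosts) >= host_threshold:
            findings.append((src, "horizontal", str(dport), len(hosts)))
    return sorted(findings)
```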
24
Attack Phase Steps with Loopback to the Discovery Phase
  Gaining access: enough data has been gathered in the discovery phase to make an informed attempt to access the target.
  Escalating privilege: if only user-level access was obtained in the last step, the tester will now seek to gain complete control of the system.
  System browsing: the information-gathering process begins again to identify mechanisms to gain access to trusted systems.
  Install additional test software.
25
Types of Penetration Test
  External test: black box, white box, gray box
  Internal test: curious employee, disgruntled end user, disgruntled administrator
26
When is Testing Necessary?
Penetration testing was traditionally done once or twice a year due to the high cost of the service. Automated penetration testing software is enabling organizations today to test more often (periodic testing).
27
Become Certified