Presentation is loading. Please wait.

Presentation is loading. Please wait.

PENETRATION TESTING. A scare at bedtime! There is no hiding place, you can be found through a variety of means: DNS, Name Server Lookup, NSlookup, Newsgroups,

Published byMay Stone Modified over 9 years ago

Similar presentations

Presentation on theme: "PENETRATION TESTING. A scare at bedtime! There is no hiding place, you can be found through a variety of means: DNS, Name Server Lookup, NSlookup, Newsgroups,"— Presentation transcript:

1 PENETRATION TESTING

2 A scare at bedtime! There is no hiding place, you can be found through a variety of means: DNS, Name Server Lookup, NSlookup, Newsgroups, web site trawling, e-mail properties and so on. There is no hiding place, you can be found through a variety of means: DNS, Name Server Lookup, NSlookup, Newsgroups, web site trawling, e-mail properties and so on.

3 Why Test?  professional penetration services are growing in popularity. Organizations are increasingly aware that controlled security vulnerability testing is a major element in identifying exposures, and ensuring that they are not exploited by a hostile party.  The objective of penetration testing is to investigate the system from the attacker’s perspective. The primary aim is to identify exposures and risk before seeking a solution.

4 What is it?  Many types of testing are available, one is IP Penetration Tests, which consists of Evidential testing, amongst others.  Evidential Testing tends to be employed for those who consider themselves to be potentially greater targets for hostile parties, and is far more structured and comprehensive than the former.

5 Evidential Test  The Evidential Test has the objective of proving that within a short period of time, an intrusion can be achieved, thus providing proof that the system is vulnerable to attack.  Most attempted Internet attacks are performed by Script-Kiddies, uninventive hackers who simply try out others’ new attacks by testing lots and lots of IP addresses for the weakness that can be exploited. There is a great spectrum between these and the ultimate, an engineer with lots of networking experience and probably a wealth of programming knowledge backed up by the commitment to achieve their goal no matter how long or how hard that might be.

6 Case Study  The UK government is in the process of implementing one of the most ambitious E- Business systems in the World today. The Government Secure Intranet (GSI) will probably be the largest VPN in Europe encompassing hundreds of large organisations – government departments, local councils, government agencies and the Police National Network (PNN2), an intranet within an intranet – and thousands of firewalls.  Designed to connect departments, cut costs, centralising (or at least interlinking) records on citizens, providing greater accessibility to services for everybody, etc.

7 continued…..  Security is a manifest issue. From the start, CESG (Communications-Electronics Security Group – the government’s ICT security advisors) realised that such a huge project was beyond the resources of themselves and DERA (Defence Evaluation & Research Agency – the MOD’s research agency.). This was not their only concern, with the arrival of information warfare \ cyber-terrorism, major companies such as utilities and banks – the so-called Critical National Infrastructure - have become even more important as targets.  Example - bringing the nation’s gas supply to a halt could quickly bring the country to a halt. Consequently, with the support of the Cabinet Office, CESG set about finding companies it felt could be trusted with such sensitive work and invited them to join.

8 The Major Test  An IP Penetration Test is an exhaustive examination of the client’s Internet connectivity. It covers every conceivable angle to give the client an objective, authoritative and up-to-date report on their security status as seen from the outside world.

9 Vulnerability Testing  This is a high-intensity search procedure identifying the probable weak points in the system topology. For example:  software bugs in the operating systems of computers and communications hardware which allow non-standard access.  straightforward attacks on systems.  E-mail exploits.

10 The Outcome  The deliverables can be two reports authored from the submissions of the whole team. The first is an executive summary discussing the major issues and business risks. The second is an in- depth catalogue of the test covering discovered vulnerabilities, how these might affect security and suggested solutions.

11 continued……  The reports remain a tangible asset to the customer providing a baseline upon which to conduct future tests, and as a Change Control Document when reconfiguring the associated IT and communications systems.  The two documents can be a management summary giving an overview of findings, with details on legal issues, business impact, and risk management. The second is an in-depth, blow- by-blow account of findings with suggestions on how to solve each issue.  Drafts will be provided to nominated client personnel before the Post-Test Consultation.

12 Post test  Options can be; –Intrusion stage –Repeat test –Denial of Service Test –Direct attack –Covert testing

Download ppt "PENETRATION TESTING. A scare at bedtime! There is no hiding place, you can be found through a variety of means: DNS, Name Server Lookup, NSlookup, Newsgroups,"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Get Started in e-Business. Aim This presentation is prepared to support and give a general overview of the ‘How to Get Started in e-Business’ Guide and.

Get Started in e-Business. Aim This presentation is prepared to support and give a general overview of the ‘How to Get Started in e-Business’ Guide and.
Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’
Develop an Information Strategy Plan

Develop an Information Strategy Plan
Common Assessment Framework for Adults Demonstrator Site Programme Event to Support Expressions of Interest.

Common Assessment Framework for Adults Demonstrator Site Programme Event to Support Expressions of Interest.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
ICASAS305A Provide Advice to Clients

ICASAS305A Provide Advice to Clients
Computer Security And Computer Crimes. Problem under consideration A software flaw was found in a national bank's web site that allows anyone who knows.

Computer Security And Computer Crimes. Problem under consideration A software flaw was found in a national bank's web site that allows anyone who knows.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
WHAT… Myrket is a B2B online advertising agency focused on e-marketing services; Main Services: e-marketing strategies; website development; search engine.

WHAT… Myrket is a B2B online advertising agency focused on e-marketing services; Main Services: e-marketing strategies; website development; search engine.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
CHAPTER 9 DEVELOPING BUSINESS/IT STRATEGIES. IT Planning Planning an information system doesn’t start with bits, and bytes, or a Web site. It starts with.

CHAPTER 9 DEVELOPING BUSINESS/IT STRATEGIES. IT Planning Planning an information system doesn’t start with bits, and bytes, or a Web site. It starts with.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.

Similar presentations

Ads by Google