What is Penetration Testing

Penetration testing is when ethical hackers do their magic. They can test a large number of the vulnerabilities recognized during the vulnerability assessment to quantify the actual threat and risk posed by each vulnerability. When ethical hackers carry out a penetration test, their ultimate goal is usually to break into a system and hop from system to system until they “own” the domain or environment. They own the domain or environment when they either have root privileges on the most critical Unix or Linux system or own the domain administrator account that can access and control all of the resources on the network. They do this to show the customer (company) what an actual attacker can do under the circumstances and current security posture of the network.

Goal of Penetration Testing

  • The goal of penetration testing is to provide a listing of all of the vulnerabilities within a network.
  • To show the company how these vulnerabilities can be used against it by attackers.
  • To strengthen the corporate defense systems, comprising all computer systems and their adjoining infrastructure.
  • To help organizations with their cybersecurity defenses; this measure should be performed on a regular basis.

From here, the security professional (ethical hacker) provides advice on the necessary countermeasures that should be implemented to reduce the threats of these vulnerabilities.

The Penetration Testing Process

1. Form two or three teams:

  • Red team - The attack team
  • White team - Network administration, the victim
  • Blue team - Management coordinating and overseeing the test (optional)

2. Establish the ground rules:

  • Testing objectives
  • What to attack, what is hands-off
  • Who knows what about the other team (Are both teams aware of the other? Is the testing single blind or double blind?)
  • Start and stop dates
  • Legal issues
      • Just because a client asks for it, doesn’t mean that it’s legal.
      • The ethical hacker must know the relevant local, state, and federal laws and how they pertain to testing procedures.
  • Confidentiality/Nondisclosure
  • Reporting requirements
  • Formalized approval and written agreement with signatures and contact information
      • Keep this document handy during the testing. It may be needed as a “get out of jail free” card.
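
The "what to attack, what is hands-off" and start/stop date rules from step 2 can be enforced mechanically before any tool is pointed at a host. The following is an added example, not code from the original article; the RulesOfEngagement record, the check_target function and every address and date in it are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    """Hypothetical record of the signed ground rules (assumed layout)."""
    in_scope: tuple   # CIDR blocks the client approved for testing
    hands_off: tuple  # CIDR blocks the client excluded
    start: date       # first permitted day of testing
    stop: date        # last permitted day of testing


def check_target(roe, target, today):
    """Return (allowed, reason); a hands-off entry always beats in-scope."""
    if not roe.start <= today <= roe.stop:
        return False, "outside agreed test window"
    try:
        addr = ip_address(target)
    except ValueError:
        return False, "not a valid IP address"
    for net in roe.hands_off:
        if addr in ip_network(net):
            return False, f"hands-off: {net}"
    for net in roe.in_scope:
        if addr in ip_network(net):
            return True, f"in scope: {net}"
    # Default deny: anything the agreement does not name is off limits.
    return False, "not listed in the agreement"


# Constructed sample agreement using RFC 5737 documentation ranges.
ROE = RulesOfEngagement(
    in_scope=("192.0.2.0/24", "198.51.100.0/25"),
    hands_off=("192.0.2.10/32", "192.0.2.128/26"),
    start=date(2024, 3, 4),
    stop=date(2024, 3, 15),
)

if __name__ == "__main__":
    day = date(2024, 3, 5)
    for host in ("192.0.2.20", "192.0.2.10", "192.0.2.130", "198.51.100.200"):
        print(host, check_target(ROE, host, day))
```

Recording each decision alongside the tester's activity log gives the report a trail showing that every probed host was covered by the written agreement.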

Penetration Testing Activities

3. Passive scanning - Gather as much information about the target as possible while maintaining zero contact between the penetration tester and the target. Passive scanning can include interrogating:

  • The company’s website and source code
  • Social networking sites
  • Whois database
  • Edgar database
  • Newsgroups
  • ARIN, RIPE, APNIC, LACNIC databases
  • Google, Monster.com, etc.
  • Dumpster diving

4. Active scanning - Probe the target’s public exposure with scanning tools, which might include:

  • Commercial scanning tools
  • Banner grabbing
  • Social engineering
  • War dialing
  • DNS zone transfers
  • Sniffing traffic
  • Wireless wardriving

5. Attack surface enumeration - Probe the target network to identify, enumerate, and document each exposed device:

  • Network mapping
  • Router and switch locations
  • Perimeter firewalls
  • LAN, MAN, and WAN connections

6. Fingerprinting - Perform a thorough probe of the target systems to identify:

  • Operating system type and patch level
  • Applications and patch level
  • Open ports
  • Running services
  • User accounts

7. Target system selection - Identify the most useful target(s).

8. Exploiting the uncovered vulnerabilities - Execute the appropriate attack tools targeted at the suspected exposures.

  • Some may not work.
  • Some may kill services or even kill the server.
  • Some may be successful.

9. Escalation of privilege - Escalate the security context so the ethical hacker has more control.

  • Gaining root or administrative rights
  • Using a cracked password for unauthorized access
  • Carrying out a buffer overflow to gain local versus remote control

10. Documentation and reporting

Document everything found, how it was found, the tools that were used, vulnerabilities that were exploited, the timeline of activities, and success