Penetration Testing is when ethical hackers do their magic. A penetration test, also known as a pen test. Ethical hackers test a large number of the vulnerabilities recognized during the vulnerability assessment to quantify the actual threat and risk posed by the vulnerability.
Penetration Testing is a method that many companies follow in order to minimize their security breaches. This is a controlled way of hiring a professional who will try to hack your system and show you the loopholes that you should fix.
When ethical hackers are carrying out a penetration test, their ultimate goal is usually to break into a system and hop from system to system until they “own” the domain or environment.
They own the domain or environment when they either have root privileges on the most critical Unix or Linux system or own the domain administrator account that can access and control all of the resources on the network.
They do this to show the customer (company) what an actual attacker can do under the circumstances and current security posture of the network.
Before doing a penetration test, it is mandatory to have an agreement that will explicitly mention the following parameters that what will be the time of penetration test, there will be the IP source of the attack, and what will be the penetration fields of the system.
Types of Penetration Testing
- Black Box − Here, the ethical hacker doesn’t have any information regarding the infrastructure or the network of the organization that he is trying to penetrate. In black-box penetration testing, the hacker tries to find the information by his own means.
- Grey Box − It is a type of penetration testing where the ethical hacker has a partial knowledge of the infrastructure, like its domain name server.
- White Box − In white-box penetration testing, the ethical hacker is provided with all the necessary information about the infrastructure and the network of the organization that he needs to penetrate.
- External Penetration Testing − This type of penetration testing mainly focuses on network infrastructure or servers and their software operating under the infrastructure. In this case, the ethical hacker tries the attack using public networks through the Internet. The hacker attempts to hack the company infrastructure by attacking their web pages, web servers, public DNS servers, etc.
- Internal Penetration Testing − In this type of penetration testing, the ethical hacker is inside the network of the company and conducts his tests from there.
Goal of Penetration Testing
- Penetration Testing goal is to to provide a listing of all of the vulnerabilities within a network.
- To show the company how these vulnerabilities can be used against it by attackers.
- strengthen their corporate defense systems comprising all computer systems and their adjoining infrastructure.
- Help organizations for their cybersecurity defenses, this measure should be performed on a regular basis.
From here, the security professional (ethical hacker) provides advice on the necessary countermeasures that should be implemented to reduce the threats of these vulnerabilities.
The Penetration Testing Process
1. Form two or three teams:
- Red team- The attack team
- White team- Network administration, the victim
- Blue team-Management coordinating and overseeing the test (optional)
2. Establish the ground rules:
- Testing objectives
- What to attack, what is hands-off
- Who knows what about the other team (Are both teams aware of the other? Is the testing single blind or double blind?)
- Start and stop dates
- Legal issues
- Just because a client asks for it, doesn’t mean that it’s legal.
- The ethical hacker must know the relevant local, state, and federal laws and how they pertain to testing procedures.
- Reporting requirements
- Formalized approval and written agreement with signatures and contact information
- Keep this document handy during the testing. It may be needed as a “get out of jail free” card.
Penetration Testing Activities
3. Passive scanning – Gather as much information about the target as possible while maintaining zero contact between the penetration tester and the target, Passive scanning can include interrogating
- The company’s website and source code
- Social networking sites
- Whois database
- Edgar database
- ARIN, RIPE, APNIC, LACNIC databases
- Google, Monster.com, etc.
- Dumpster diving
4. Active scanning: Probe the target’s public exposure with scanning tools, which might include:
- Commercial scanning tools
- Banner grabbing
- Social engineering
- War dialing
- DNS zone transfers
- Sniffing traffic
- Wireless wardriving
5. Attack surface enumeration: Probe the target network to identify, enumerate, and document each exposed device:
- Network mapping
- Router and switch locations
- Perimeter firewalls
- LAN, MAN, and WAN connections
6. Fingerprinting: Perform a thorough probe of the target systems to identify:
- Operating system type and patch level
- Applications and patch level
- Open Ports
- Running services
- User accounts
7. Target system: selection Identify the most useful targets.
8. Exploiting the uncovered vulnerabilities: Execute the appropriate attack tools targeted at the suspected exposures.
- Some may not work.
- Some may kill services or even kill the server.
- Some may be successful.
9. Escalation of privilege: Escalates the security context so the ethical hacker has more control.
- Gaining root or administrative rights.
- Using cracked password for unauthorized access.
- Carrying out buffer overflow to gain local versus remote control.
10. Documentation and reporting
Document everything found, how it was found, the tools that were used, vulnerabilities that were exploited, the timeline of activities, and success. Penetration testing can also cause problems such as system malfunctioning, system crashing, or data loss.
Therefore, a company should take calculated risks before going ahead with penetration testing. The risk is calculated as follows and it is a management risk.