Penetration Testing Presentation

This document outlines the process and methodology for penetration testing from an analyst's perspective. It discusses what penetration testing is, the typical steps involved including planning, information gathering, vulnerability detection, penetration attempts, analysis and reporting. It also covers some limitations of penetration testing and references common tools used at each stage.

Uploaded by Arif Zina
Copyright: © Attribution Non-Commercial (BY-NC)

Penetration Testing from an Analyst's Perspective

Computer Forensics and Security

BC Institute of Technology

Prepared by Arif Zina


Presentation Outline

• What is penetration testing
• The process and methodology
  • Planning and preparation
  • Information gathering and analysis
  • Vulnerability detection
  • Penetration attempt
  • Analysis and reporting
  • Cleaning up
• Limitations of penetration testing
• Conclusion
What is penetration testing

• Identifies vulnerabilities that exist in a system that already has security measures in place.
• Involves attack methods carried out by trusted individuals.
• Scanning of IP addresses to identify machines that are offering services with known vulnerabilities.
• Exploiting known vulnerabilities that exist in an unpatched system.
• Increases upper management's awareness of security issues and informs decision making.
• Can have serious consequences for the network if the tests are not conducted properly.
The Process and Methodology

Planning and Preparation

• Meeting between the organization and the testers.
• Clear objectives for the tests to be conducted, focused on demonstrating the exploitable vulnerabilities that exist within the organization's network.
• Ensure that tests are done during off-peak hours to prevent disruptions and crashes due to unusual network traffic.
• Inform security staff of the penetration tests to be conducted…?
• Treat data obtained as confidential, to be returned or destroyed after the tests are completed.
Information Gathering and Analysis

• Gather as much information as possible about the targeted systems:
  • Nslookup (available on Unix and Windows platforms)
  • Whois (available via any Internet browser client)
  • ARIN (available via any Internet browser client)
  • Dig (available on most Unix platforms, and on some web sites via a form)
  • Web-based tools (hundreds if not thousands of sites offer various recon tools)
  • Target web site (the client's web site often reveals too much information)
  • Social engineering
• Conduct a network survey to identify reachable systems:
  • NMAP - Nmap provides options for fragmentation, spoofing, use of decoy IP addresses and stealth scans. Determines the O/S and the packet filters/firewalls of the machine.
Vulnerability Detection

• Nmap or other scanning tools are first used to identify hosts and determine the ports and services available.
• Determine the vulnerabilities that exist in each system, identified by: open ports, O/S and application patch level, and service pack applied.
• On-line vulnerability databases are available to search for specific exploits.
• Manual vulnerability scanning – detection is done manually by a tester who has a collection of exploits and vulnerabilities at their disposal.
• Automated vulnerability scanning – Nessus automates vulnerability scanning and determines any vulnerabilities. It also lists steps to correct these vulnerabilities.
• Other automated scanning tools are also available – SARA, SAINT, SATAN, etc.
Penetration Attempt

After determining the vulnerabilities that exist in the system:

• Identify suitable targets for the penetration attempt.
• Estimate the time and effort that needs to be put into the vulnerable systems.
• Decide how much it matters how long the penetration tests take on a given system.

Some vulnerabilities exploited by penetration testers and malicious attackers fall into the following categories:

• Kernel flaws – kernel code is the core of the operating system.
• Buffer overflows – the result of poor programming practice.
• Symbolic links – a file pointing to another file.
• File descriptor attacks – privileged programs can assign an inappropriate file descriptor and expose it.
• Trojans – custom-built programs, or could include programs such as Back Orifice, NetBus and SubSeven.
• Social engineering – obtaining information through staff members.
Penetration Attempt (continued)

• Password cracking has become normal practice in penetration testing:
  • Dictionary attacks – use a word list or dictionary file.
  • Hybrid crack – tests for passwords that are variations of the words in a dictionary file.
  • Brute force – tests for passwords made up of characters by going through all the combinations.
• Brutus is a tool that can be used to automate telnet and ftp account cracking.
  http://www.hoobie.net/brutus
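As an added example (not part of the slides), a Python password-policy checker that classifies a candidate password by the cheapest of the three attack classes listed above, so a defender can reject passwords that a dictionary or hybrid crack would recover quickly. The word list, leet map, symbol-set size and guess rate are constructed assumptions.

```python
"""Classify a candidate password by the cheapest attack class from the slide
(dictionary, hybrid, brute force) and estimate the brute-force cost.
Word list, leet map and guess rate are constructed assumptions."""
import re

# Constructed sample word list; a real check would load a full dictionary file.
WORDLIST = {"password", "welcome", "summer", "admin", "letmein", "monkey"}

# Undo the substitutions a hybrid crack would try (constructed, not exhaustive).
LEET = str.maketrans("0143$@!", "oiaesai")

# Hybrid cracks also prepend/append digits and symbols ("summer2024!", "#welcome").
AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")

def dictionary_hit(pw):
    """Exact (case-insensitive) match against the word list."""
    return pw.lower() in WORDLIST

def hybrid_hit(pw):
    """Dictionary word plus affixes and/or leet substitutions."""
    core = AFFIX.sub("", pw.lower())
    return core in WORDLIST or core.translate(LEET) in WORDLIST

def charset_size(pw):
    """Size of the smallest standard character set containing the password."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z0-9]", 33)]
    return sum(n for pat, n in classes if re.search(pat, pw))

def brute_force_seconds(pw, guesses_per_second=1e9):
    """Worst-case exhaustive search time, assuming the attacker already knows
    the length and character set (a conservative, defender-side assumption)."""
    return charset_size(pw) ** len(pw) / guesses_per_second

def classify(pw):
    """Cheapest attack class that recovers the password."""
    if dictionary_hit(pw):
        return "dictionary"
    if hybrid_hit(pw):
        return "hybrid"
    return "brute-force"

def policy_check(pw, min_years=10.0):
    """Reject passwords that fall to a dictionary or hybrid crack, or whose
    brute-force cost is below min_years at the assumed guess rate."""
    kind = classify(pw)
    if kind != "brute-force":
        return False, f"falls to a {kind} attack"
    years = brute_force_seconds(pw) / (365 * 24 * 3600)
    return years >= min_years, f"brute force would take about {years:.2g} years"
```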
Analysis and Reporting

After conducting all the tasks, the next step is to generate a report for the company, which should include:

• An overview of the penetration testing process carried out.
• Analysis of and commentary on the critical vulnerabilities that exist in the network/system.
• Vital vulnerabilities addressed first, followed by the less vital ones.
• A detailed listing of all information gathered during the penetration test.
• Suggestions and techniques to resolve the vulnerabilities found.
Cleaning Up

The cleaning-up process is done to clear any mess that has been made as a result of the penetration tests.

• A detailed and exact list of all actions performed during the tests must be kept.
• Cleaning up of compromised hosts must be done securely, without affecting operations.
• The clean-up is to be verified by the organization's staff.
• Temporary user accounts created during testing must be removed.
Limitations of Penetration Testing

• A penetration test can only identify those problems that it is designed to look for.
• A penetration tester does not have complete information about the system being tested.
• A penetration test is unlikely to provide information about new vulnerabilities, especially those discovered after the test is carried out.
Conclusion

• A network security or vulnerability assessment may be useful to a degree, but does not always reflect the lengths to which a hacker will go to exploit a vulnerability.
• A penetration test alone provides no improvement in the security of a computer or network. Action must be taken to address the vulnerabilities found during the penetration test.
References

Some of the tools that are popularly used for penetration testing are shown in this appendix. The tools below are grouped according to the testing methodologies outlined earlier.

• Information Gathering:
  • Nmap – network scanning, port scanning and OS detection
    URL: http://www.insecure.org/nmap/index.html
  • hping – tool for port scanning
    URL: http://www.kyuzz.org/antirez/hping.html
  • netcat – grabs service banners / versions
    URL: http://packetstorm.securify.com/UNIX/netcat/
  • firewalk – determining firewall ACLs
    URL: http://www.packetfactory.net/Projects/Firewalk/
  • ethereal – monitoring and logging return traffic from maps and scans
  • icmpquery – determining target system time and netmask
    URL: http://packetstorm.securify.com/UNIX/scanners/icmpquery.c
  • strobe – port scanning utility
    URL: http://packetstorm.securify.com/UNIX/scanners/strobe-1.04.tgz
• Vulnerability Detection:
  • Nessus – scans for vulnerabilities
    URL: http://www.nessus.org/
  • SARA – another scanner to scan for vulnerabilities
    URL: http://www.www-arc.com/sara/
• Penetration Tools:
  • Brutus – Telnet, FTP and HTTP password cracker
    URL: http://www.hoobie.net/brutus
  • LC3 – password cracking utility
    URL: http://www.atstake.com/lc3
Thank you
