Học viện Công Nghệ Thông Tin Bach Khoa
Security News
October 02, 2032
City of Tulsa Cyber Attack Was Penetration
The City of Tulsa, Oklahoma last week began notifying residents that their personal data may have been accessed, but it now turns out that the
“City officials didn't realize that the apparent breach was caused by the security firm, Utah-based SecurityMetrics, until after 90,000 letters had been sent to people who had applied for city jobs or made crime reports online over the past decade, warning them that their personal identification information might have been accessed,” writes Tulsa World's Brian Barber. “The mailing cost the city $20,000, officials said.”
.” FOX23 News reports
http://www.esecurityplanet.com
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Objectives
Security Assessments
Penetration Testing
What Should be Tested?
ROI on Penetration Testing
Types of Penetration Testing
Common Penetration Testing
Pre-Attack Phase
Post-Attack Phase
Templates
Pen Testing Roadmap
Web Application Testing
Outsourcing Penetration Testing
Module Flow
Security Assessments
Every organization uses different types of security assessments to on its network resources
Level of Security
Each type of security assessment requires the people conducting the assessment to have
Security Assessment Categories
to a set of
physical security measures, data handling processes, and user practices against a
security criteria
A security audit ensures that an organization
It is generally used to achieve and demonstrate compliance to
such as HIPAA, SOX
OS's, and applications
Vulnerability scanners can test
systems and network devices for exposure to common
attacks
Limitations of Vulnerability Assessment
Security
It must be updated when new vulnerabilities are or are made to the software being used
influence
It does not measure the
Penetration testing that is not completed professionally
can result in the and disruption of the business continuity
Penetration testing assesses the of the
organization as a whole
breaking into the network
A penetration tester is differentiated from an attacker only
by his
Identify the facing an organization information assets
Reduce an organization's expenditure on IT security and enhance identifying and remediating vulnerabilities or weaknesses
Provide assurance with comprehensive including policy, procedure, design, and
in compliance to legal and industry regulations
For testing and validating the of security protections and controls
It focuses on high severity vulnerabilities and emphasizes development teams and management
Providing comprehensive approach taken to prevent upcoming
hardware, or network design
Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
A security audit just checks whether the organization is
A vulnerability assessment focuses on provides no indication if the vulnerabilities can be exploited or the amount of damage that may result from the successful exploitation of the vulnerability
Penetration testing is a methodological approach to and vulnerability assessment and demonstrates if the vulnerabilities in system can be successfully exploited by
Communications
commerce failure
Loss of confidential
Public facing systems;
and remote access platforms
Mail, DNS, firewalls,
and web servers
Testing should be performed on all hardware and software components of a network security system
Establishing the parameters for the penetration test such as objective, limitations, and the justification of procedures
Hiring skilled and experienced professionals to perform the test
Following a methodology with proper planning and documentation
Documenting the result carefully and making it comprehensible for the client
Choosing a suitable set of tests that balance cost and benefit
Penetration testing helps the companies in identifying, understanding, and addressing the which saves them a lot of money resulting in
Demonstration of ROI is a critical process for the success in selling the Pen-test
Demonstrate the ROI for Pen-test with the help of a business case scenario, which includes the expenditure and the profits involved in it
Companies will spend on the pen-test only if they have
a proper knowledge on the benefits of the Pen-test
Testing Points
The pentest team may have a choice of
doing the test either remotely or on-site
A remote assessment may simulate an external hacker attack. However, it may miss assessing internal guards
An on-site assessment may be expensive and may not simulate an external threat
External Testing
External testing involves analysis
a network enumeration phase,
and the behavior of the security
Gray-hat testing/partial-knowledge testing
External Penetration Testing
External penetration testing involves a of company's externally visible servers or devices such as:
It is the approach to penetration testing
The goal of an external penetration testing is to demonstrate the that could be exploited by an external attacker
It can be performed without of the target to be tested or with full disclosure of the target's
It helps the testers to check if system and protecting the business from information lost and disclosure
Internal penetration testing focuses on company's such as DMZs, network connections, application services, etc.
and comprehensive analysis of
that arise within the company
The goal of internal penetration testing is to
Time consuming and expensive type of test
It takes considerable amount of time for discovering the nature of the infrastructure and how it works
Penetration test must be carried out after extensive information gathering and research
This test simulates the process of a real hacker
In a grey box test, the tester usually has a limited
It performs security assessment and testing internally
Approaches towards the application security that tests for all
Performed mostly when a penetration tester starts a black box test on well
order to conduct a thorough review
Information is provided such as
infrastructure
firewall / IDS details
Announced Testing
Is an attempt to compromise systems on the client with the full of the IT staff
Examines the infrastructure for possible vulnerabilities
Involves the security staff on the penetration testing teams to
Unannounced Testing
Is an attempt to compromise systems on the client networks of IT security personnel
Allows only the to be aware of these tests
Examines the security
Automated testing can result in
need frequent updating to be effective
As with vulnerability scanners, there can be
Manual testing is the best option an organization can choose to benefit from the experience of a
capture the results of
the testing process
Module Flow
Is used to get an idea of the being tested
machine to
Is used to capture the data as it travels across a network
Are malicious code or programs usually sent into a network as
transferred via “Instant Ma
Is the most commonly known pass
Is a comprehensive of an organization's network infrastructure
Is the final phase of testing, making a risk assessment of much more
Using DNS Domain Name and IP Address Information
Data from the DNS servers related to the target network
can be used to map a
The IP block of an organization can be discerned
by looking up the domain name and
The DNS record also provides some
valuable information regarding the OS or
applications that are
Enumerating Information about Hosts
on Publicly Available Networks
types of traffic that are allowed in
and out of the network
Pre-Attack Phase: Define Rules of Engagement (ROE)
ROE helps testers to
overcome legal, federal, and
policy related restrictions to use different penetration
testing tools and techniques
Identify who will be involved in the reporting
Databases
Applications
Pre-Attack Phase: Create a Checklist
of the Testing Requirements
What is the for internal and external network
standards? If so, do you want us to review them?
etc.)?
and if the client organization requires analysis of its
such as routers and switches?
Pre-Attack Phase: Create a Checklist
of the Testing Requirements (Cont'd)
are deployed across the organization?
requires assessment of ?
assessment of in the network?
What and are deployed across the organization?
If the organization assessment of
What are the offered by the client?
Pen testing scope defines what to test and how to test
Pen testing test components depend on the client's operating environment, threat perception, security
Social Engineering
Dumpster Diving
Intrusion Detection
Client-side Application Security
Application Communication Security
Inside Accomplices
Intrusion Response
Pre-Attack Phase: Sign Penetration Testing Contract
penetration tester and the company
The contract must clearly state the following:
Objective of the penetration test
Sensitive information
Indemnification clause
Non-disclosure clause
Fees and project schedule
Confidential information
Reporting and responsibilities
that the company's will be treated confidentially
It also liabilities in the event of some happening during pen testing
Many documents and other information regarding pen information that could if improperly disclosed
Agreements are designed to be used by both the parties to protect sensitive information from disclosure
Pre-Attack Phase: Sign Confidentiality and Non-Disclosure (NDA) Agreements (Cont’d)
Both parties bear responsibility to
and from disclosure beyond the terms specified by a written agreement
Results: use of the in customer documentation
Pre-Attack Phase: Information Gathering
Pre-attack phase addresses the and the goals to be achieved
Reconnaissance is considered as the first in the pre-attack phase, which
Hackers try to find out as much as possible about a
Hackers gather information in different ways that allows them to
Types of Reconnaissance
Involves collecting information about a target from the publicly accessible sources
Involves information gathering through social engineering, on-site visits, interviews, and questionnaires