Penetration Testing Roadmap
Start Here
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing

Penetration Testing Roadmap (cont’d)
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication
• Email Security Penetration Testing
• Security Patches Penetration Testing

Stolen Laptop Testing
Cell phones and PDAs carry sensitive data.
Executives and mobile workers depend on these devices every day.
The loss of a PDA or BlackBerry is equivalent to losing a laptop and the sensitive data inside.

Laptop Theft
If a laptop were lost:
• What information of a strategic nature would be disclosed?
Real examples of this type of information include pending mergers, new product intellectual property, strategies and launch plans, and previously undisclosed financial operating results.
• What information of a tactical nature would be disclosed?
Examples include private compensation information, plans for organizational changes, proposals to clients, and the myriad of similar information that can be gained from reading a person's email, calendar, contacts, or collection of documents and spreadsheets.

Laptop Theft (cont’d)
If a laptop were lost:
• What information about the company's network or computing infrastructure would be revealed that would facilitate an electronic attack?
Examples of this type of information include usernames and passwords, dial-in numbers, IP addressing schemes, DNS naming conventions, ISPs used, primary mail servers, and other networking details related to connecting the laptop to the corporate or Internet environment.
• What personal information about the laptop owner can be obtained?

Penetration Testing Steps
1. Identify sensitive data in the devices
2. Look for passwords
3. Look for company infrastructure or finance documents
4. Extract the address book and phone numbers
5. Extract schedules and appointments
6. Extract applications installed on these devices
7. Extract e-mail messages from these devices
8. Gain access to server resources by using information you extracted
9. Attempt social engineering with the extracted information

Step 1: Identify Sensitive Data in the Devices
Laptops and PDAs contain sensitive information, such as:
• Company finance documents

Look for Personal Information in the Stolen Laptop
• Bank Account Number
• Internet Shopping Account
• Credit Card Details
• Check Tax Return
• Pan Card Details
• Passport Details
• Check Resume of the Host
• Check his Digital Signature

Step 2: Look for Passwords
Search for the following passwords:
• VNC password
• Email account passwords
• Active directory passwords
• Website history passwords
• Passwords stored in the registry
• FTP passwords
• SSH/Telnet passwords
• Application passwords

Step 3: Look for Company Infrastructure or Finance Documents
Sometimes the laptop might contain company infrastructure documents, such as:
• Building plans
• Plan of operations
• Overseas operations and procedures
• Company handbooks or manuals
• Contracts and agreements

Step 4: Extract the Address Book and Phone Numbers
PDAs and laptops contain address books.
Look for the following data:

Step 5: Extract Schedules and Appointments
Look for schedules and appointment information in the PDA and laptop:
• What is the time and date of the meeting?
• Who are the attendees?
• What is the location of the meeting?
• What is the agenda for the meeting?
• Has the meeting been confirmed?
• How long is the meeting?

Step 6: Extract Applications Installed on these Devices
• Finance software such as Quicken and Microsoft Money can provide rich information

Step 7: Extract Email Messages from these Devices
Email messages can provide a lot of sensitive information.
Sometimes you might find passwords and access codes.
Scan the entire email content for information that could be used to gain access to the system.
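
The same exposure can be measured before a device is ever lost. The following is an added example, not part of the original slides: it scans mailbox text for the infrastructure details listed under Laptop Theft (cont’d) and records only the file, line and category, never the matched value. The regular expressions, sample messages and function names are constructed assumptions.

```python
import re

# Categories follow the slide's list of infrastructure details.
# The patterns themselves are illustrative assumptions, not a complete rule set.
PATTERNS = {
    "credential": re.compile(r"(?i)\b(?:password|passwd|pwd)\b\s*(?:is|[:=])\s*\S+"),
    "ip_addressing": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    "dns_naming": re.compile(
        r"(?i)\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:corp|internal|lan|local)\b"),
    "dial_in": re.compile(r"(?i)\bdial[- ]?in\b.*?\+?\d[\d -]{6,}\d"),
}

# Constructed sample mailbox: file name -> message body.
SAMPLE_MAILBOX = {
    "msg-001.eml": "Hi,\nthe VPN password is Example-Only-1 until Friday.\nRegards",
    "msg-002.eml": "Mail relay moved to mx1.example.corp (10.20.30.40).\n",
    "msg-003.eml": "Lunch at noon?\n",
}

def audit(messages):
    """Return (file, line number, category) for every line that matches a pattern.

    The matched text is deliberately not stored, so the audit report
    does not become a second copy of the secrets it found.
    """
    findings = []
    for name, body in sorted(messages.items()):
        for line_no, line in enumerate(body.splitlines(), 1):
            for category, pattern in PATTERNS.items():
                if pattern.search(line):
                    findings.append((name, line_no, category))
    return findings

def exposure_summary(findings):
    """Group findings as category -> sorted list of files that contain it."""
    summary = {}
    for name, _line_no, category in findings:
        summary.setdefault(category, set()).add(name)
    return {category: sorted(names) for category, names in summary.items()}

if __name__ == "__main__":
    for category, files in exposure_summary(audit(SAMPLE_MAILBOX)).items():
        print(f"{category}: {', '.join(files)}")
```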

Step 8: Gain Access to Server Resources by Using Information you Extracted
Gain access to network resources using information from the PDA and laptops.

Step 9: Attempt Social Engineering with the Extracted Information
The extracted information could be used for social engineering as well.

Check for BIOS Password
Check whether the BIOS password, boot password, or hard disk password is enabled.
Check whether the BIOS setting has the hard disk as a bootable device.
Check whether the user has a different username and password from the domain’s logon used on the laptop.

Look into the Encrypted File
Check whether any file does not show clear text; if it does not, it is encrypted.
Try to decrypt the file using cryptographic tools.
Gather information from that file.
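
Compressed archives and media files also fail to show clear text, so a file that is unreadable is not necessarily encrypted. The following is an added example, not part of the original slides: it checks known file signatures first and then uses Shannon entropy to separate likely ciphertext from clear text. The 7.5 bits/byte threshold, the sample data and all names are assumptions.

```python
import gzip
import hashlib
import math
from collections import Counter

# Leading bytes of common formats that are high-entropy without being encrypted.
MAGIC = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip",
         b"\x89PNG": "png", b"\xff\xd8\xff": "jpeg"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """Label a file's content so unencrypted sensitive files can be found."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return f"known format ({name})"
    if len(data) < 256:
        return "too small to judge"      # entropy is unreliable on tiny inputs
    if shannon_entropy(data) > 7.5:      # threshold is an assumption
        return "likely encrypted"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)
    return "clear text" if printable > 0.95 else "binary, low entropy"

# Constructed samples: readable text, the same text gzip-compressed, and a
# hash-generated byte stream standing in for ciphertext.
TEXT = b"Quarterly results draft: revenue up, costs flat.\n" * 40
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(256))
SAMPLES = {"notes.txt": TEXT, "notes.txt.gz": gzip.compress(TEXT),
           "vault.bin": CIPHERLIKE}

def report(samples):
    """Map each sample name to its classification."""
    return {name: classify(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in report(SAMPLES).items():
        print(f"{name:14} {shannon_entropy(SAMPLES[name]):.2f} bits/byte  {verdict}")
```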

Check Cookies in Web Browsers
Check the following:
• Cookies
• History file
• Temp file
• Recycle bin
Check whether the above files contain any information.
Check whether any password file is available.

Attempt to Enable Wireless
Switch on wireless or Bluetooth near the company campus
Scan for the LAN network of the company
Locate the LAN network and search SSID in the laptop
Check whether SSID is asking for password
Check password strength and try to break it by password cracking techniques
Enable wireless or Bluetooth to get connected with the network

All the information that is extracted from the steps mentioned is documented for analysis.
In the first step, the sensitive data in the device is identified, such as company finance documents, email messages, and Excel spreadsheets.
In the second step, we looked for passwords such as VNC and email account passwords.
Schedule and appointment details such as the time, date, and venue of the meetings, the attendees of the meeting, and meeting confirmation are gathered.