Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Exam 312-50 Certified Ethical Hacker.
Penetration Testing
Module 20
Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited. Module 20 Page 2873
Trang 4M a n a g e r J im T w o m b l y "
" T h e c h i e f i n f o r m a t i o n o f f i c e r w h o f a ile d t o d e t e r m i n e t h a t t h e h a c k w a s a c t u a l ly p a r t o f a
p e n e t r a t i o n t e s t has b e e n p la c e d o n a d m i n i s t r a t i v e le a v e w i t h p a y , " w r i t e s S o f t p e d i a 's E d u a rd Kovacs " I n t h e m e a n t i m e , his p o s i t i o n w i l l be f i l l e d b y T ulsa Po lice D e p a r t m e n t C a p t a in
J o n a t h a n B r o o k "
C opyrig h t 2012 Q u in S treet Inc
By Je ff Goldm an
penetration-test-not-hack.html
http://www.esecurityplanet.com/network-securitv/citv-of-tulsa-cyber-attack-was-Ethical Hacking and Countermeasures Copyright © by EC-COUIICil
All Rights Reserved Reproduction is Strictly Prohibited Module 20 Page 2875
Penetration Testing
- What Should be Tested?
- Penetration Testing Deliverable Templates
- ROI on Penetration Testing
- Pen Testing Roadmap
- Types of Penetration Testing
- Web Application Testing
- Common Penetration Testing Techniques
- Outsourcing Penetration Testing
Pen Testing Concepts / Types of Pen Testing
Security Assessment Categories
- Vulnerability Assessments
- Penetration Testing
Additionally, vulnerability scanners can identify common security configuration mistakes.
Host-based scanners usually require a software agent or client to be installed on the host. The client then reports back the vulnerabilities it finds to the server. Host-based scanners look for features such as weak file access permissions, poor passwords, and logging faults.
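The agent-and-server arrangement just described can be shown in miniature. The following is an added example written for this page, not EC-Council course material or any vendor's scanner: it walks a constructed directory tree the way an installed agent would, flags weak file access permissions and a logging fault, and packages the findings as the JSON report the agent would send back to its server. The rule set in check_mode and the sample file layout are assumptions made for the example.

```python
import json
import os
import stat
import tempfile
from pathlib import Path


def check_mode(name: str, mode: int) -> list:
    """Apply the example's own permission rules to one file's mode bits.

    The rule set is an assumption made for this example (weak access
    permissions and a logging fault); it is not a real scanner's policy.
    """
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_ISUID and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("setuid-binary-writable-by-others")
    if name.endswith(".log") and mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("log-readable-or-writable-by-others")
    return findings


def scan_tree(root: Path) -> list:
    """Walk root like an installed agent would and collect weak files.

    Results are sorted by path so the report is deterministic.
    """
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            st = path.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue  # never follow links out of the tree being scanned
            mode = stat.S_IMODE(st.st_mode)
            weaknesses = check_mode(name, mode)
            if weaknesses:
                results.append({
                    "path": path.relative_to(root).as_posix(),
                    "mode": oct(mode),
                    "findings": weaknesses,
                })
    results.sort(key=lambda r: r["path"])
    return results


def build_report(host: str, findings: list) -> str:
    """Package findings as the JSON document an agent would send to its server."""
    return json.dumps(
        {"host": host, "finding_count": len(findings), "findings": findings},
        indent=2,
    )


def make_sample_tree() -> Path:
    """Create a constructed sample host filesystem under a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="hostscan-"))
    layout = {
        "etc/app.conf": 0o644,           # acceptable
        "var/log/app.log": 0o666,        # logging fault: anyone can alter the log
        "opt/tool/run.sh": 0o777,        # world-writable script
        "usr/local/bin/helper": 0o4775,  # setuid and group-writable
        "home/user/notes.txt": 0o600,    # acceptable
    }
    for rel, mode in layout.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    sample_root = make_sample_tree()
    print(build_report("sample-host", scan_tree(sample_root)))
```

The point to take from the sample output is the slide's caveat about host-based scanning in practice: the agent only sees what its rules encode, so a permission pattern the rule set does not name (here, anything other than the three checks) is silently reported as clean.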
- … in time.
- It must be updated when new vulnerabilities are discovered or modifications are made to the software being used.
- The methodology used, as well as the diverse vulnerability scanning software packages, assess security differently.
- It does not measure the strength of security controls.
In the context of penetration testing, the tester is limited by resources - namely time, skilled resources, and access to equipment - as outlined in the penetration testing agreement
Most attackers follow a common approach
A penetration tester is differentiated from an attacker only by his intent and lack of malice.
Penetration Testing
Penetration testing goes a step beyond vulnerability scanning in the category of security assessments. With vulnerability scanning, you can only examine the security of the individual computers, network devices, or applications, but penetration testing allows you to assess the security model of the network as a whole. Penetration testing can help you to reveal …
… such as patch management cycles can be evaluated. A penetration test can reveal process …
… in committing computer crime, despite the best intentions.
A security audit just checks whether the organization is following a set of standard security policies and procedures.

A vulnerability assessment focuses on discovering the vulnerabilities in the information system but provides no indication of whether the vulnerabilities can be exploited or the amount of damage that may result from the successful …

Penetration testing is a methodological approach to security assessment that encompasses the security audit and vulnerability assessment and demonstrates whether the vulnerabilities in the system can be successfully …
An organization should conduct a risk assessment operation before the penetration testing that will help to identify the main threats, such as:
Demonstrate the ROI for a pen test with the help of a business case scenario, which includes the expenditure and the profits involved in it.
Penetration Testing
An on-site assessment may be expensive and may not simulate an external threat exactly.
Types of Penetration Testing
Internal Testing: Internal testing involves testing computers and devices within the company.
… of publicly available information, a network enumeration phase, and the behavior of the security devices analyzed.
External Penetration Testing
External penetration testing involves a comprehensive analysis of the company's externally visible servers or devices, such as:
… weaknesses of computer systems inside the particular network. The internal security assessment gives a clear view of the site's security. Internal security assessment has a similar methodology to external penetration testing. The main purpose behind the internal penetration testing is …
White-box Penetration Testing
- Complete knowledge of the infrastructure that needs to be tested is known.
- This test simulates the process of the company's employees.

This type of penetration test is being conducted when the organization needs to assess its security against a specific kind of attack or a specific target. In this case, the complete information about the target is given to the pen testers. The information provided can include network topology documents, asset inventory, and valuation information. Typically, an organization would opt for this when it wants a complete audit of its security.
Automated Testing
- Automated testing can result in time and cost savings over the long term; however, it cannot replace an experienced security professional.
- Tools can have a high learning curve and may need frequent updating to be effective.
- With automated testing, there exists no scope for any of the architectural elements to be tested.
- As with vulnerability scanners, there can be false negatives or, worse, false positives.
Penetration Testing
… the management of the organization and the technical audiences what they have discovered, the processes they used, and the ramifications of all the recommendations. Additionally, they can inform in person, as an individual entity helping to support the IT security department augmenting the budgets required.
… documentation to capture the results of the testing process.
- The objective of the professional is to assess the security posture of the organization from an attacker's perspective.
- Manual testing is the best option an organization can choose to benefit from the experience of a security professional.
Pen Testing Techniques / Pen Testing Phases
Common Penetration Testing Techniques
- Passive Research: Is used to gather all the information about an organization's system configurations.
- Open Source Monitoring: Facilitates an organization to take necessary steps to ensure its confidentiality and integrity.
- Network Mapping and OS Fingerprinting: Is used to get an idea of the network's configuration being tested.
- Spoofing: Is the act of using one machine to pretend to be another. Is used here for both internal and external penetration tests.
- Network Sniffing: Is used to capture the data as it travels across a network.
- Trojan Attacks: Are malicious code or programs usually sent into a network as email attachments or transferred via "Instant Message" into chat rooms.
… as social engineering, as well. It is necessary to point out that prior approval from management is a critical aspect to be considered before indulging in such activities.
Pen Testing Techniques / Pen Testing Phases / Pen Testing Roadmap / Outsourcing Pen Testing Services
- Databases: Yes □ No □
- Applications: Yes □ No □
- Physical security: Yes □ No □
- Telecommunications: Yes □ No □
Pre-Attack Phase: Create a Checklist
- What is the IP address configuration for internal and external network connections?
- Does the organization require pen testing of individual hosts?
- Does the client organization require analysis of its Internet presence?
- Do you have any security-related policies and standards? If so, do you want us to review them?
- How many networking devices exist on the client's network?
- Does the organization require pen testing of networking devices such as routers and switches?
- What is the network layout (segments, DMZs, IDS, IPS, etc.)?
- Does the organization require assessment of analog devices in the network?
- What security controls are deployed across the organization?
- Does the organization require assessment of wireless networks?
- What are the web applications and services offered by the client?
- What workstation and server operating systems are deployed across the organization?
- Does the organization require the assessment of web infrastructure?