Chapter 8 - 05 - Understand Fundamentals Of Penetration Testing and its Benefits - 04_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

Phases of Penetration Testing

Pre-Attack Phase: Research (Information Gathering)
Attack Phase: Testing/Exploitation
Post-Attack Phase: Documentation and Reporting

There are three phases in penetration testing: the pre-attack, attack, and post-attack phases.

Pre-attack Phase

This phase focuses on gathering as much information as possible about the target. Information can be gathered non-invasively, through passive reconnaissance such as reviewing public records, or invasively, through active reconnaissance such as port scanning, service scanning, and OS fingerprinting; the invasive techniques send traffic to the target and can therefore be detected by it.

Beginning with passive and then active reconnaissance, the tester gathers as much information as possible about the target company. Most leaked information concerns the network topology and the types of services running within it. The tester uses this information to provisionally map the network and plan a more coordinated attack strategy.

Passive reconnaissance involves the following:
o Mapping the directory structure of the web servers and FTP servers (this stays passive only when done from search-engine caches or web archives; crawling the live server is active reconnaissance).
o Gathering competitive intelligence.
o Determining the value of infrastructure interfacing with the web.
o Retrieving network registration information from Whois databases and financial websites.
o Determining the product range and service offerings of the target company that are available online or can be requested offline.
o Document sifting, which refers to gathering information solely from published material.
o Social engineering, which can be performed by identifying a conduit (a person who can be targeted easily based on the information gained about personnel) and profiling them.

Module 08 Page 1112 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
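The invasive information gathering named above (port and service scanning) comes down to connecting to each port and reading whatever the service says first. As an added example, not code from the EC-Council course, here is a small TCP connect scanner with banner grabbing in Python. To keep it runnable offline it starts a throwaway listener on 127.0.0.1 that replies with a constructed SSH-style banner; the host, port list, timeouts and worker count are assumptions for the demonstration, and against a real target the port list must stay inside the agreed scope.

```python
"""TCP connect scan with banner grabbing (added example, not course code).

A full TCP handshake is made to each port; an open port that speaks first
(SSH, SMTP, FTP, many others) gives away its service banner. The local
fake service below stands in for a target so the script runs offline.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed sample banner; real SSH servers send "SSH-2.0-<software>".
BANNER = b"SSH-2.0-ExampleSSH_0.1 constructed-banner\r\n"


def start_fake_service(banner=BANNER):
    """Start a throwaway TCP service on 127.0.0.1:<ephemeral> that sends a
    banner to every client. Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        srv.settimeout(0.2)  # wake up regularly to check the stop flag
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def free_port():
    """A port that is bound and immediately released, so it is (almost
    certainly) closed: used as a known-closed control port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host, port, timeout=0.5):
    """Full TCP connect to one port. Returns (port, state, banner bytes)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except OSError:  # ECONNREFUSED, timeout, unreachable, ...
        s.close()
        return port, "closed", b""
    try:
        data = s.recv(128)  # grab whatever the service volunteers
    except OSError:
        data = b""  # open, but the service waits for the client to speak
    finally:
        s.close()
    return port, "open", data.strip()


def scan(host, ports, workers=32):
    """Probe the given ports concurrently; return {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {port: (state, banner) for port, state, banner in results}


def open_ports(result):
    """Sorted list of the ports reported open in a scan() result."""
    return sorted(p for p, (state, _) in result.items() if state == "open")


if __name__ == "__main__":
    port, stop = start_fake_service()
    result = scan("127.0.0.1", [port, free_port()])
    for p, (state, banner) in sorted(result.items()):
        print(f"{p:5d}/tcp {state:6s} {banner.decode(errors='replace')}")
    stop()
```

The connect scan is the noisiest scan type: every open port sees a completed handshake and, if the service logs connections, an entry in its log. That is exactly the detection opportunity the text refers to when it calls this gathering invasive.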
In active reconnaissance, the information-gathering process encroaches on the target's territory. Here, the tester sends probes to the target in the form of port scans, network sweeps, enumeration of shares and user accounts, and so on. The tester may adopt techniques such as social engineering and use tools that automate these tasks, such as scanners and sniffers.

Attack Phase

The information gathered in the pre-attack phase forms the basis of the attack strategy. During the attack phase, the attack strategy is developed and executed. The attack phase involves the actual compromise of the target. The tester may exploit a vulnerability discovered during the pre-attack phase or use security loopholes such as a weak security policy to gain access to the system. The important point here is that while the tester needs only one point of entry, the organization must defend every one of them. Once inside, the tester may escalate privileges, install a backdoor to sustain access to the system, and use that access to achieve the agreed objective. Every change made at this stage (accounts, files, services, persistence mechanisms) should be recorded as it is made, because it has to be reversed in the post-attack phase.

Post-attack Phase

The post-attack phase is a crucial part of the testing process, as the tester needs to restore the network to its original state. This involves cleaning up testing processes, removing vulnerabilities created during the test (not those that existed originally), removing exploits and tools placed on systems, and so on, until all tested systems are returned to their pre-test state. The objective of the test is to show where security fails. Unless the penetration test agreement is extended so that the tester is also responsible for correcting the security posture of the systems, this phase completes the penetration test.
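Returning systems to their pre-test state is only credible if every change was logged as it was made and the restoration can be verified afterwards. As an added example, not part of the course material, the Python below keeps an engagement ledger: each change is recorded with a before-hash and an undo action before it is carried out, rollback replays the undos in reverse order, and a verification step compares every touched target with its pre-test hash. The file names, the sshd_config content and the simulated backdoor file are constructed for the demonstration and live in a temporary directory.

```python
"""Post-attack cleanup ledger (added example, not course code).

Record every change with a hash of the target taken beforehand and a
callable that reverses it; roll back in LIFO order; verify that each
target matches its pre-test hash; export the record for the report.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path):
    """Hash of a file, or None if it does not exist (absent before the test)."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


class EngagementLedger:
    def __init__(self):
        self.entries = []  # chronological record of every change
        self._undo = []    # LIFO stack of (target, undo callable)

    def record(self, action, target, undo, note=""):
        """Log a change *before* performing it: snapshot the target's hash
        and register how to reverse the change."""
        self.entries.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "target": target,
            "note": note,
            "before_sha256": sha256_file(target),
        })
        self._undo.append((target, undo))

    def rollback(self):
        """Reverse all changes, newest first, then verify the result."""
        while self._undo:
            _, undo = self._undo.pop()
            undo()
        return self.verify()

    def verify(self):
        """{target: True/False}: does each target match its pre-test hash?
        The earliest entry per target is the pre-test state."""
        baseline = {}
        for e in self.entries:
            baseline.setdefault(e["target"], e["before_sha256"])
        return {t: sha256_file(t) == h for t, h in baseline.items()}

    def report(self):
        """JSON record of all changes for the test report."""
        return json.dumps(self.entries, indent=2)


def _restore(path, data):
    with open(path, "wb") as f:
        f.write(data)


def modify_config(ledger, path, new_content):
    """Simulated attack-phase change: overwrite a config file."""
    with open(path, "rb") as f:
        original = f.read()
    ledger.record("modify", path, undo=lambda: _restore(path, original),
                  note="weakened setting to demonstrate impact (simulated)")
    with open(path, "w") as f:
        f.write(new_content)


def drop_backdoor(ledger, path):
    """Simulated attack-phase change: place a persistence file."""
    ledger.record("create", path, undo=lambda: os.remove(path),
                  note="persistence artefact (simulated placeholder)")
    with open(path, "w") as f:
        f.write("# placeholder standing in for a dropped backdoor\n")


def run_simulated_engagement(root):
    """Set up a constructed pre-test state, make two changes, roll back."""
    cfg = os.path.join(root, "sshd_config")
    shell = os.path.join(root, "uploads", "cmd.php")
    os.makedirs(os.path.dirname(shell))
    with open(cfg, "w") as f:
        f.write("PermitRootLogin no\n")  # constructed pre-test content
    ledger = EngagementLedger()
    modify_config(ledger, cfg, "PermitRootLogin yes\n")
    drop_backdoor(ledger, shell)
    verified = ledger.rollback()
    return ledger, verified


def demo():
    """Run the simulation in a temp dir and return the observable outcome."""
    with tempfile.TemporaryDirectory() as root:
        ledger, verified = run_simulated_engagement(root)
        with open(os.path.join(root, "sshd_config")) as f:
            config_after = f.read()
        shell_exists = os.path.exists(os.path.join(root, "uploads", "cmd.php"))
        return {"entries": len(ledger.entries), "verified": verified,
                "config_after": config_after, "shell_exists": shell_exists,
                "report": ledger.report()}


if __name__ == "__main__":
    outcome = demo()
    print(outcome["report"])
    print("all targets restored:", all(outcome["verified"].values()))
```

The hash is taken before the change, not after, so the ledger captures the state the client expects to get back; a target whose verification fails is a finding for the report, not something to fix silently.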
Activities in this phase include (but are not restricted to) the following:
o Reversing all file and setting manipulations performed during the test
o Reversing all changes to privileges and user settings
o Mapping the network state and comparing it with the state mapped before the test
o Documenting and capturing all logs registered during the test

It is important that the penetration tester documents all their activities and records all observations and results so that the test can be repeated and verified against the given security posture of the organization. For the organization to quantify the security risk in business terms, it is essential that the tester identifies the critical systems and critical resources and maps the threats to them.

Penetration Testing Methodologies

Various penetration testing frameworks and methodologies exist to help organizations choose the best method to conduct a successful penetration test. The most commonly used methodologies are:

Proprietary Methodologies: EC-Council's LPT, IBM, ISS, McAfee Foundstone
Open-source Methodologies: OSSTMM, ISSAF, NIST, OWASP

The cornerstone of a successful penetration test is the methodology used to devise it. The underlying methodology should help the tester by providing a systematic approach to the testing pattern. The test must satisfy criteria such as consistency, accuracy, and efficiency, and the testing methodology should be adequate for the engagement. This does not mean that the entire framework should be restrictive.
The two types of penetration testing methodologies are as follows:

Proprietary methodologies

Many organizations work on penetration testing and offer services and certifications. Network security organizations have their own methodologies, which they keep confidential. The following are some proprietary methodologies:
o EC-Council's Licensed Penetration Tester (LPT)
o IBM
o ISS
o McAfee Foundstone

Open-source and public methodologies

A wide range of methodologies are publicly available. They can be used by anybody and are intended for public use.

o Open Source Security Testing Methodology Manual (OSSTMM)
The Open Source Security Testing Methodology Manual was compiled by Pete Herzog. It is a standard for security testing whose results are expressed as security metrics. It is widely treated as a de facto standard for thorough testing and emphasizes consistency and accuracy of results.

o Information Systems Security Assessment Framework (ISSAF)
The Information Systems Security Assessment Framework evaluates an organization's information security processes and policies.

o National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) is a US federal technology agency that works with industry to develop and apply technology, measurements, and standards. Its guidance for security testing, including penetration testing, is published as NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment.

o Open Web Application Security Project (OWASP)
The Open Web Application Security Project is an open community whose testing methodology is published as the OWASP Web Security Testing Guide. It provides a set of tools and a knowledge base that help in protecting web applications and services. It is beneficial for system architects, vendors, developers, security professionals, and consumers who design, develop, deploy, and test the security of web services and web applications.
o CREST
CREST is a not-for-profit accreditation and certification body representing the technical information security industry. It provides internationally recognized accreditation for organizations and individuals providing penetration testing, cyber incident response, and threat intelligence services. CREST is an accreditation body rather than a testing methodology in its own right.