
Chapter 8 - 05 - Understand Fundamentals Of Penetration Testing and its Benefits - 02_ocred_fax_ocred.pdf



Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

Rules of Engagement

- ROE: The rules of engagement (ROE) is the formal permission to conduct penetration testing
- Top-level Guidance: ROE provides “top-level” guidance for conducting the penetration test
- ROE’s Assistance: ROE helps testers overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Rules of Engagement (Cont’d)

- Scoping and ROE are two aspects that need to be handled independently while engaging in a penetration testing assignment
- Scoping defines what should be tested, while ROE defines the agreement on how testing should be performed within certain limitations and rules during penetration testing
- The ROE specifies the manner in which the penetration test should be conducted

Rules of Engagement

ROE is the formal permission to conduct a penetration test. It provides “top-level” guidance for conducting the penetration test and gives the test team certain rights and restrictions for performing the test. It also helps testers to overcome legal and policy-related restrictions and use different penetration testing tools and techniques.

Based on the organization’s requirements, the ROE may allow testers to conduct some technical and nontechnical activities such as port scanning, social engineering, and network sniffing and may restrict certain activities such as password cracking and SQL injection attacks.
All the activities that a penetration tester must perform during the test are explicitly defined in the ROE, and therefore, it acts as a guide to penetration testers.

Scoping and ROE

Scoping and ROE are two aspects that must be handled independently while engaging in a penetration testing assignment. Scoping defines what should be tested, while ROE defines the agreement on the process of testing that must be performed with certain limitations and rules. The ROE specifies the manner of conducting the penetration test.

Framing an ROE involves the steps listed below:

1. Estimate the cost, time, and effort that the organization can invest.
2. Decide on the desired depth for penetration testing.
3. Conduct precontract discussions with different penetration testers.
4. Conduct brainstorming sessions with the top management and technical teams.

Comparing Security Audit, Vulnerability Assessment, and Penetration Testing

- Security Audit: A security audit checks whether an organization follows a set of standard security policies and procedures
- Vulnerability Assessment: A vulnerability assessment focuses on discovering the vulnerabilities in an information system but provides no indication of whether the vulnerabilities can be exploited or of the amount of damage that may result from the successful exploitation of the vulnerabilities
- Penetration Testing: Penetration testing is a methodological approach to security assessment that encompasses a security audit and vulnerability assessment, and it demonstrates whether the vulnerabilities in a system can be successfully exploited by attackers

Comparing Security Audit, Vulnerability Assessment, and Penetration Testing

Security audit: A security audit is used to evaluate whether the security of a company’s information fulfills a set of established criteria and to ensure that the company is in compliance with its regulations, security policy, and legal responsibilities. Different types of audits are used to evaluate a company’s security processes. A security audit only checks whether the organization follows a set of standard security policies and procedures.

Vulnerability assessment: It is used for identifying and measuring the severity of vulnerabilities in a system; usually, it is used to identify common vulnerabilities in a system’s configuration. Vulnerability assessment provides organizations with a list of vulnerabilities that need to be fixed, without estimating specific goals or scenarios. The list is provided according to the severity level of the vulnerability or business criticality. Vulnerability assessment is suitable for an organization that is not secure, wishes to get started, has a medium-to-high security maturity, and wishes to maintain the security posture of its network. Although vulnerability assessment focuses on discovering the vulnerabilities in an information system, it provides no indication of whether the vulnerabilities can be exploited or of the amount of damage that may result from the successful exploitation of the vulnerabilities.

Penetration testing: A penetration test is a goal-oriented exercise; it focuses on real-time attacks instead of discovering a specific vulnerability. The penetration tester acts as a hacker and follows all the steps a real hacker would to breach a system. This type of testing is suitable for organizations at a high maturity level of security.
Penetration testing is a methodological approach to security assessment that encompasses a security audit and vulnerability assessment, and it demonstrates whether the vulnerabilities in the system can be successfully exploited by attackers as well as the amount of damage that may result from the successful exploitation of the vulnerabilities.

Blue Teaming/Red Teaming

Blue Teaming
- An approach where a set of security responders performs analysis of an information system to assess the adequacy and efficiency of its security controls
- Blue team has access to all the organizational resources and information
- Primary role is to detect and mitigate red team (attackers) activities, and to anticipate how surprise attacks might occur

Red Teaming
- An approach where a team of ethical hackers performs a penetration test on an information system with no or very limited access to the organization’s internal resources
- It may be conducted with or without warning
- It is proposed to detect network and system vulnerabilities and check security from an attacker’s perspective approach to network, system, or information access
Blue Teaming

A blue team (also known as defender team) is a group of highly skilled individuals who assess information security or products in order to identify security deficits, determine the adequacy of security measures, foresee the efficacy of proposed security solutions, and so on, so as to defend against various attacks.

The blue team may include system administrators and general IT staff and has access to all the organizational resources and information. Blue teaming is the least expensive and the most frequently used security assessment approach. Its primary role is to detect and mitigate red team (attackers) activities, and to anticipate the surprise attacks that might occur.

Red Teaming

A red team (also known as aggressor team) is a group of white-hat hackers (ethical hackers) who attempt to launch attacks against an organization’s digital infrastructure, as would a malicious attacker, to test the organization’s security posture. It is intended to detect network and system vulnerabilities and to check security from an attacker’s perspective on network, system, or information access, and it may be conducted with or without warning. A red team may include system administrators from various departments in an organization, and it performs a penetration test on an information system with no or very limited access to the organization’s internal resources.
Purple Teaming/White Teaming

Purple Teaming
- A purple team includes both blue and red team members, i.e., both the aggressor team and defender team
- This team acquires knowledge on both the red and blue team
- The purple team can establish continuous communication, provide real-time feedback, perform frequent security auditing and threat hunting, implement the latest defense techniques, etc.

White Teaming
- A white team acts as a mediator for negotiating an engagement between a red team and blue team
- This team does not perform any testing and only monitors the activities of the red and blue teams
- The white team is responsible for gaining insight by conducting post-engagement activities

Purple Teaming

A purple team includes both blue and red team members, i.e., both the aggressor team and the defender team. The core motive of the purple team is to enhance protection and boost the security standards of the organization. Purple team members acquire knowledge on both the red team and blue team by combining all the defensive strategies and mechanisms from the blue team with the threats and susceptibilities determined by the red team. Threat intelligence data are shared between the red team and blue team to improve security practices and gain insight into the attackers’ tactics, techniques, and procedures (TTPs).

A purple team can establish continuous communication, provide real-time feedback, perform frequent security auditing and threat hunting, implement the latest defense techniques, configure detection mechanisms, and monitor the network for known threats. The combined work of both the blue team and red team also improves the skills of the team and can further help in scrutinizing the security posture of the IT assets in large organizations.
White Teaming

The white team acts as a mediator for negotiating an engagement between a red team and blue team in an operation dealing with information and systems in an organization. This team mainly focuses on analysts, logistics, management, and compliance. White team members can also be third-party individuals who do not perform any testing and simply monitor the activities performed by the red and blue teams. This team is responsible for framing rules of engagement, establishing boundaries for the attacks to protect company assets or systems, organizing the teams efficiently, and setting specific strategies to avoid possible threats in the future.

The white team has prior knowledge of the activities of the red team and the defensive techniques utilized by the blue team. The white team monitors the activities of both teams and ensures that the testing range does not exceed a pre-defined limit. The white team is also responsible for gaining insight by conducting post-engagement activities for further improvements. For this purpose, the team generates a report comprising the information regarding various approaches and tactics used by an attacker and defensive procedures required to counteract the attacks.
