Penetration testing is carried out by simulating an attack on a computer system or a network from external and internal threats. It involves active analysis of the system for any potential vulnerabilities (weaknesses) that could result from poor or improper system configuration, known and unknown hardware or software flaws, etc.
The analysis is carried out from the position of a potential attacker, and involves active exploitation of security vulnerabilities (e.g. scanning IP addresses). Management usually wants to address the vulnerabilities in the system that are found through a penetration test.
1) Intrusion Detection
2) Increasing Security
Tools used
Metasploit Framework:
1. It is one of the most commonly used tools for penetration testing.
2. It provides information about security vulnerabilities and also develops and executes exploit code against a machine.
Veracode:
1. It determines whether sufficient encryption is employed and also whether a piece of software contains any application back doors.
Nmap:
1. It stands for Network Mapper.
2. It scans for host, service and port information.
Wireshark (packet sniffer):
1. Records and captures any traffic within a network.
2. A great tool for examining network slowdowns, protocol analysis, suspicious traffic, etc.
Cain and Abel:
1. Password recovery tool for Windows.
2. It uses dictionary attacks, brute force and cryptanalysis, as well as other methods, to decode encrypted passwords.
John the Ripper:
1. It is a password cracker that runs on Linux/Unix, Mac OS X and Windows.
2. It can be run against various encrypted password formats, including several crypt password hash types used on the various Unix platforms.
Snort:
1. Network intrusion prevention and detection system (NIPS and NIDS).
2. It uses signature-, protocol- and anomaly-based inspection methods to detect suspicious traffic trying to enter a network.
3. Also used as a packet sniffer and packet logger.
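The three inspection methods listed for Snort, illustrated in Python as an added example (this is not Snort code or its rule language, and the packet records, byte patterns and sweep threshold are all constructed for the demonstration). Each method catches something the other two miss: a known-bad pattern, data that does not fit the expected protocol on a port, and a source whose behaviour is statistically unusual.

```python
"""Toy illustration of the three inspection methods a NIDS like Snort combines:
signature matching, protocol checking and anomaly detection.
Added example; the packet records, signatures and threshold below are
constructed for the demonstration, not real Snort rules or captured traffic."""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str          # source address
    dst_port: int     # destination TCP port
    payload: bytes    # application data (empty for a bare SYN)


# Signature inspection: byte patterns that should never appear in a request.
# Constructed patterns, not Snort signatures.
SIGNATURES = [
    ("sql-injection-probe", b"' OR 1=1"),
    ("directory-traversal", b"../../"),
]

# Protocol inspection: data sent to port 80 must start with an HTTP method.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Anomaly inspection: one source touching more than this many distinct ports
# is flagged as a port sweep (threshold chosen for the example).
PORT_SWEEP_THRESHOLD = 5


def signature_alerts(pkts):
    """Flag any packet whose payload contains a known-bad pattern."""
    return [(p.src, name) for p in pkts for name, pat in SIGNATURES if pat in p.payload]


def protocol_alerts(pkts):
    """Flag non-HTTP application data sent to the HTTP port.
    Empty payloads (bare SYNs) carry no protocol data and are not judged here."""
    return [(p.src, "non-http-on-80") for p in pkts
            if p.dst_port == 80 and p.payload and not p.payload.startswith(HTTP_METHODS)]


def anomaly_alerts(pkts, threshold=PORT_SWEEP_THRESHOLD):
    """Flag sources that contact an unusually large number of distinct ports."""
    ports_by_src = {}
    for p in pkts:
        ports_by_src.setdefault(p.src, set()).add(p.dst_port)
    return [(src, "port-sweep") for src, ports in ports_by_src.items() if len(ports) > threshold]


def inspect_traffic(pkts):
    """Run all three inspection methods and group the alerts by method."""
    return {
        "signature": signature_alerts(pkts),
        "protocol": protocol_alerts(pkts),
        "anomaly": anomaly_alerts(pkts),
    }


# Constructed sample traffic: one clean request, one injection probe,
# one TLS handshake sent to port 80, and one six-port sweep.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.7", 80, b"GET /login?user=admin' OR 1=1-- HTTP/1.1\r\n"),
    Packet("10.0.0.8", 80, b"\x16\x03\x01\x00\x05hello"),
] + [Packet("10.0.0.9", port, b"") for port in (21, 22, 23, 25, 80, 443)]


if __name__ == "__main__":
    for method, alerts in inspect_traffic(SAMPLE_PACKETS).items():
        print(f"{method:10s} {alerts}")
```

The sweep from 10.0.0.9 never trips the signature or protocol checks because its packets carry no data; only the anomaly counter sees it. That is why a real sensor runs all three methods together rather than relying on signatures alone.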
Kismet:
1. Powerful packet sniffer and intrusion detection system for 802.11 wireless LANs.
2. Kismet can work with any wireless card which supports raw monitoring mode.
3. Also supports plugins which allow sniffing other media such as DECT, etc.
Hping3:
1. It has a built-in traceroute mode.
2. Particularly used when trying to traceroute hosts behind a firewall that blocks attempts made with the standard utilities.
Schematic Diagram
Identifies the vulnerabilities of a system and also provides an overview of the flaws that exist in the system.
1. It gains unauthorized access to the network or system and identifies the possible impacts of system flaws.
Black box test: It is a method of software testing that examines the functionality of an application without peering into its internal structures. White box (clear box, glass box) test: It is a method of software testing that examines the functionality of an application by peering into its internal structures.
1) Planning and Preparation
2) Gathering information and analysis
3) Vulnerability detection
4) Penetration attempt
5) Reporting
6) Cleaning up
Planning and Preparation
The test should demonstrate the exploitable vulnerabilities in the organization's network infrastructure. A penetration tester is, in effect, breaking the law by intruding (legally or illegally) into a system or a network, so even when the test is carried out by staff members on their own system or network, they should obtain the relevant legal documents protecting them against legal action should anything go wrong during the tests. Avoid loading the network during penetration testing, as it can cause the system to crash. The would-be attacker should obtain the necessary information, as well as a time allotment, from management. The information obtained during the penetration test must be kept confidential.
Gathering Information and Analysis
There are several methods for getting the necessary information. Netcraft engineers have developed a service that makes information gathering simpler. Another important method uses Nmap, which is a penetration testing tool.
Vulnerability Detection
Weaknesses of a system or a network can be found in two ways:
1. Manually: The penetration tester will search for vulnerabilities in the system. Ex: Microsoft discovered a vulnerability called the dot-bug in their Personal Web Server, and it still exists in Windows 95.
2. Automatically: This can be done with the help of a penetration testing tool called Nessus, a security scanner which takes steps towards addressing the vulnerabilities. Ex: With the help of the Nessus tool, the attacker can find open as well as closed ports, networks, etc. This helps them penetrate the network.
Penetration Attempt
1. The things of prime importance in a penetration attempt are the time estimate and the target.
2. Naming the machines (like sourcecode_pc, int_surfing) reduces the time needed to attack the target.
3. One can also do dumpster diving to penetrate a system or network.
4. Various techniques are used to penetrate a target. Ex: Password cracking is common in practice. Cracking a password involves:
i. Dictionary attack: uses a word list or dictionary file.
ii. Hybrid crack: tests for passwords that are variations of words in the dictionary file.
iii. Brute force: tests all possible password combinations.
A penetration tool called Brutus is also employed for automatic password cracking against Telnet and FTP.
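The three cracking strategies above, seen from the defender's side, as an added example that is not code from the original page or from any of the tools it names: a password audit that reports which strategy would recover a candidate password and, if none would, the size of the brute-force search it resists. The word list, mangling rules and suffixes are constructed stand-ins for a real dictionary file and rule set.

```python
"""Added example: audit a candidate password against the three cracking
strategies (dictionary, hybrid, brute force) from the defender's side.
Nothing is cracked; the audit reports which strategy would recover the
password, or the brute-force keyspace (in bits) it would otherwise resist.
The word list and mangling rules are small constructed stand-ins."""
import math
import string

# Constructed stand-in for a dictionary file.
WORDLIST = ["password", "welcome", "summer", "dragon", "letmein"]

# Hybrid-crack mangling rules: case changes, leet substitutions, common suffixes.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["", "1", "123", "!", "2024"]


def hybrid_variants(word):
    """All variations of one dictionary word that the hybrid rules would try."""
    bases = {word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)}
    return {base + suffix for base in bases for suffix in SUFFIXES}


def charset_size(pw):
    """Size of the union of standard character classes that pw draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 symbols
    return size


def brute_force_bits(pw):
    """log2 of the number of candidates an exhaustive search over pw's length
    and character classes must cover. Returns 0.0 for an empty or
    unclassifiable password."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def audit(pw, wordlist=WORDLIST):
    """Return (weakest strategy that recovers pw, brute-force cost in bits).
    Dictionary and hybrid hits cost effectively nothing, so they report 0.0."""
    if pw.lower() in wordlist:
        return ("dictionary", 0.0)
    if any(pw in hybrid_variants(w) for w in wordlist):
        return ("hybrid", 0.0)
    return ("brute-force", brute_force_bits(pw))


if __name__ == "__main__":
    for candidate in ["password", "Dragon123", "P@$$w0rd", "xK9#mQ2v"]:
        strategy, bits = audit(candidate)
        print(f"{candidate:12s} {strategy:12s} {bits:6.1f} bits")
```

The point the audit makes is that leet substitutions and a trailing year do not move a password out of the hybrid class; only a password that matches no dictionary-derived variant gets credit for its full keyspace.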
Social Engineering: It is the art of manipulating people into performing actions or giving up confidential information. It is usually carried out by phishing (Internet or phone), baiting and tailgating.
Reporting
1. Overall analysis.
2. Summary of any successful penetration attempt.
3. Detailed description of all the vulnerabilities found.
Cleaning up
To clean up any mess (unwanted information) left as a result of penetration testing. Remove all executables, scripts and temporary files from the system. If possible use a secure method to delete files and folders, so that important documents are not removed. It should be done securely, so that it does not affect the system's normal operation. A good example is the removal of user accounts.
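One way to make the cleanup step systematic, as an added example that is not part of the original page: a manifest records every artifact the tester drops on a host at the moment it is created, so cleanup removes exactly those files, overwrites their contents before unlinking, and never touches documents that were already there. The file names and contents are constructed for the demonstration.

```python
"""Added example: manifest-driven cleanup after a penetration test.
Each artifact the tester creates (script, binary, temporary file) is recorded
in a manifest; cleanup removes only recorded paths, overwriting file contents
before deletion, and leaves everything else on the host alone.
File names and contents below are constructed for the demonstration."""
import json
import os
import tempfile


class ArtifactManifest:
    """Append-only list of artifact paths, persisted to a JSON file."""

    def __init__(self, path):
        self.path = path
        self.entries = []
        if os.path.exists(path):
            with open(path) as f:
                self.entries = json.load(f)

    def record(self, artifact_path, kind):
        self.entries.append({"path": os.path.abspath(artifact_path), "kind": kind})
        with open(self.path, "w") as f:
            json.dump(self.entries, f)


def secure_unlink(path, passes=1):
    """Overwrite the file's bytes, sync, then delete it.
    Caveat: on journaling or copy-on-write filesystems and on SSDs the
    overwrite may not reach the old blocks, so this is best effort only."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(os.urandom(size))
            f.flush()
            os.fsync(f.fileno())
    os.unlink(path)


def cleanup(manifest):
    """Remove every recorded artifact. Returns (removed, skipped) path lists;
    a path is skipped if it is already gone or is not a regular file."""
    removed, skipped = [], []
    for entry in manifest.entries:
        p = entry["path"]
        if os.path.isfile(p):
            secure_unlink(p)
            removed.append(p)
        else:
            skipped.append(p)
    return removed, skipped


def demo():
    """Create a scratch directory holding three recorded test artifacts and one
    unrecorded 'important' document, run cleanup, and report what happened."""
    workdir = tempfile.mkdtemp(prefix="pentest-cleanup-")
    manifest = ArtifactManifest(os.path.join(workdir, "manifest.json"))
    for name, kind in [("scan.sh", "script"), ("scan-output.tmp", "temp"), ("probe.bin", "executable")]:
        p = os.path.join(workdir, name)
        with open(p, "wb") as f:
            f.write(b"constructed test artifact\n")
        manifest.record(p, kind)
    important = os.path.join(workdir, "customer-report.docx")  # deliberately not recorded
    with open(important, "wb") as f:
        f.write(b"constructed document that must survive cleanup\n")
    removed, skipped = cleanup(manifest)
    return {
        "removed": sorted(os.path.basename(p) for p in removed),
        "skipped": skipped,
        "important_survives": os.path.exists(important),
    }


if __name__ == "__main__":
    print(demo())
```

Recording artifacts at creation time, rather than hunting for them afterwards, is what keeps the cleanup from straying into files the tester did not create. Removing test user accounts fits the same pattern: record the account when it is created and remove it from the same manifest.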
Limitations
It can cause congestion and system crashes.
It does not provide any information about new vulnerabilities that appear after the test has been carried out. It is also not the best approach if it is not repeated periodically, since it is a point-in-time exercise. On its own it provides no assurance of the security of a computer or a network. If the pentesters are not able to break into the system, it does not mean that a hacker would not.
Conclusion
Penetration testing involves a real-world attack on the system. It is not the best method on its own, as it is not able to find all the vulnerabilities that exist in a system. It should be performed after careful consideration, notification and planning, since it carries a higher risk than vulnerability scanning. It identifies the vulnerabilities present in the system, which helps management fix them, and also helps management make decisions.