alok prasad(pt)
TRANSCRIPT
8/8/2019 ALOK PRASAD(pt)
http://slidepdf.com/reader/full/alok-prasadpt 1/14
ALOK PRASAD
ACKNOWLEDGEMENT
I, Alok Prasad, do acknowledge and like to express my deepest appreciation to our faculty Mr. Mohan Mishra for continuously guiding me in making the project on penetration testing.
(Alok Prasad)
TABLE OF CONTENTS
• What is a Penetration Test?
• Why penetration testing is conducted?
• What can be tested?
• The Process and Methodology
    Planning and Preparation
    Information Gathering and Analysis
    Vulnerability Detection
    Penetration Attempt
    Analysis and Reporting
    Cleaning Up
• Types of Penetration Testing
What is a Penetration Test?
A penetration test is a great way to identify vulnerabilities that exist in a system or network that has existing security measures in place. A penetration test usually involves the use of attacking methods, conducted by trusted individuals, that are similarly used by hostile intruders or hackers. Depending on the type of test that is conducted, this may involve a simple scan of IP addresses to identify machines that are offering services with known vulnerabilities, or even exploiting known vulnerabilities that exist in an unpatched operating system.

A penetration test is basically an attempt to breach the security of a network or system and is not a full security audit. This means that it is no more than a view of a system's security at a single moment in time. At this time, the known vulnerabilities, weaknesses or misconfigured systems have not changed within the time frame the penetration test is conducted.

Penetration tests can have serious consequences for the network on which they are run. If badly conducted, a test can cause congestion and system crashes. In the worst case scenario, it can result in exactly the thing it is intended to prevent: the compromise of the systems by unauthorized intruders. It is therefore vital to have consent from the management of an organization before conducting a penetration test on its systems or network.
Why penetration testing is conducted?
• Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
• Protecting your brand by avoiding loss of consumer confidence and business reputation.
• Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.
What can be tested?

All parts of the way that your organization captures, stores and processes information can be assessed: the systems that the information is stored in, the transmission channels that transport it, and the processes and personnel that manage it. Examples of areas that are commonly tested are:
• Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
• Bespoke development (dynamic web sites, in-house applications etc.)
• Telephony (war-dialing, remote access etc.)
• Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)
• Personnel (screening process, social engineering etc.)
• Physical (access controls, dumpster diving etc.)
The Process and Methodology
Planning and Preparation
Penetration tests may need to be run at particular times of day. There may be conflict between the need to ensure that everything is tested and the need to avoid loading the network during periods of heavy and critical use. Penetration tests that involve the use of unusual network traffic may cause some systems on the network to crash. If this risk cannot be tolerated then some systems or networks may need to be excluded from the test. Penetration testers should spend an adequate amount of time discussing the tests with the organization before drawing up a testing plan.

No organization will want its business to be affected as a result of a penetration test. One major decision to be made with the organization is whether the staff of that organization should be informed before a penetration test is carried out.

A complete and adequate penetration test involves penetration testers conducting illegal activities on systems external or internal to an organization's network.
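The limits agreed during planning (which systems are excluded, and at what times of day testing may run) can be written down in a form that is checked before any test traffic is sent. The following is an added example, not part of the original document; the class, the networks and the time window are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


def _in_window(now: time, start: time, end: time) -> bool:
    """True if `now` is inside [start, end), including windows past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


@dataclass
class TestPlan:
    """Limits agreed with the organization (hypothetical structure)."""
    in_scope: list   # networks the organization agreed to have tested
    excluded: list   # systems where the risk of a crash cannot be tolerated
    windows: list    # (start, end) times of day when testing may run

    def check(self, host: str, when: datetime) -> tuple:
        """Return (allowed, reason) for testing `host` at `when`."""
        addr = ip_address(host)
        # Exclusions win over scope: an excluded host is never tested.
        if any(addr in ip_network(n) for n in self.excluded):
            return (False, "host is excluded from the test")
        if not any(addr in ip_network(n) for n in self.in_scope):
            return (False, "host is outside the agreed scope")
        if not any(_in_window(when.time(), s, e) for s, e in self.windows):
            return (False, "outside the agreed testing window")
        return (True, "ok")


# Constructed sample plan: documentation address ranges, overnight window
# chosen to avoid periods of heavy and critical use.
PLAN = TestPlan(
    in_scope=["192.0.2.0/24"],
    excluded=["192.0.2.10/32"],
    windows=[(time(22, 0), time(5, 0))],
)
```
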
Information Gathering and Analysis

After doing the necessary planning and preparation with the organization, the next step is to gather as much information as possible about the targeted systems or networks. If the intended target has an online website, this is a good place to start our information gathering. We should always remember that any kind of information gathered during this stage may prove useful to us in the other stages of the penetration. Their service examines a network connected to the Internet and reports back which hosts are visible. It also gives information such as the operating system it is running on as well as the server's uptime.

A network survey serves as an introduction to the systems that are to be tested. The goal here is to find the number of systems that are reachable. The expected results of a network survey should consist of domain names, server names, Internet service provider information, IP addresses of hosts involved, as well as a network map.
Vulnerability Detection

After having gathered the relevant information about the targeted system, the next step is to determine the vulnerabilities that exist in each system.

Penetration testers should have a collection of exploits and vulnerabilities at their disposal for this purpose. If a system running Windows 95 and MS Personal Web Server pops up in the information gathered earlier, this would probably be a vulnerability that might exist in that particular system.

There are tools available that can automate vulnerability detection. One such tool is Nessus. Nessus is a security scanner that remotely audits a given network and determines whether vulnerabilities exist in it.

The completion of the vulnerability detection will produce a definite list of targets to investigate in depth. This list of targets will be used in the next stage. A penetration will be attempted at these targets that have their vulnerabilities defined.
Penetration Attempt
After determining the vulnerabilities that exist in the systems, the next stage is to identify suitable targets for a penetration attempt.

The target chosen to perform the penetration attempt is also important. Imagine a scenario whereby two penetration testers are required to perform a penetration test on a network consisting of more than 200 machines. After gathering sufficient information and vulnerabilities about the network, they found out that there are only 5 servers on the network and the rest are just normal PCs used by the organization's staff.

Penetration testers an idea of what the machine does. By choosing their target properly, penetration testers will not waste time and effort doing any redundant job. Normally penetration tests have a certain time constraint and penetration testers should not waste any time unnecessarily. There are other ways to choose a target. The above just demonstrates some criteria used.

Password cracking has become a normal practice in penetration tests. The list below shows just some of the password cracking methods used:
• Dictionary Attack
• Hybrid Crack
• Brute Force
Analysis and Reporting
After conducting all the tasks above, the next task is to generate a report for the organization. The report should start with an overview of the penetration testing process done. This should be followed by an analysis and commentary on critical vulnerabilities that exist in the network or systems. Vital vulnerabilities are addressed first to highlight them to the organization. Less vital vulnerabilities should then be highlighted. Separating the vital vulnerabilities from the less vital ones helps the organization in decision making.
The contents of the report should be as follows:
• Summary of any successful penetration scenarios.
• Detailed listing of all information gathered during penetration testing.
• Detailed listing of all vulnerabilities found.
• Description of all vulnerabilities found.
• Suggestions and techniques to resolve vulnerabilities found.
Cleaning Up
The cleaning up process is done to clear any mess that has been made as a result of the penetration test. A detailed and exact list of all actions performed during the penetration test must be kept. This is vital so that any cleaning up of the system can be done.

The cleaning up process should be verified by the organization's staff to ensure that it has been done successfully. A good example of a clean up process is the removal of user accounts on a system previously created externally as a result of the penetration test. It is always the penetration tester's responsibility to inform the organization about the changes that exist in the system as a result of the penetration test and also to clean up this mess.
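One way to keep the "detailed and exact list of all actions" so that clean-up and its verification by the organization's staff can be tracked is a simple ledger, shown here as an added example that is not part of the original document. The record fields, host names, account names and staff name are hypothetical and the sample entries are constructed.

```python
from dataclasses import dataclass


@dataclass
class Action:
    """One change made to a system during the test."""
    host: str
    kind: str               # e.g. "account_created", "file_added"
    detail: str
    reverted: bool = False  # the tester has undone the change
    verified_by: str = ""   # organization staff member who confirmed removal


def outstanding(ledger):
    """Split the ledger into changes still present and changes not yet verified."""
    not_reverted = [a for a in ledger if not a.reverted]
    unverified = [a for a in ledger if a.reverted and not a.verified_by]
    return not_reverted, unverified


def cleanup_complete(ledger) -> bool:
    """Clean-up is done only when every change is reverted and staff-verified."""
    not_reverted, unverified = outstanding(ledger)
    return not not_reverted and not unverified


def handover_notes(ledger):
    """Lines for the report telling the organization what still needs attention."""
    not_reverted, unverified = outstanding(ledger)
    lines = [f"STILL PRESENT | {a.host} | {a.kind} | {a.detail}" for a in not_reverted]
    lines += [f"NEEDS CHECK | {a.host} | {a.kind} | {a.detail}" for a in unverified]
    return lines


# Constructed sample ledger; hosts, accounts and names are hypothetical.
LEDGER = [
    Action("srv-web-01", "account_created", "local user pt_test1", True, "j.doe"),
    Action("srv-db-01", "account_created", "local user pt_test2", True),
    Action("srv-web-01", "file_added", "/tmp/pt_marker.txt"),
]
```
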
Types of Penetration Testing
Black Box Penetration Testing
• Pen tester has no previous knowledge of the remote network
• Only the company name or the IP address is known
• Simulation of a real world hacking by a hacker who has no knowledge

White Box Penetration Testing
• Pen tester provided with significant knowledge of the remote network
• Type of network devices (i.e. Cisco gear, TCP/IP),
• Web Server details (i.e., Apache/*nix or Apache/Win2k),
• Operating System type (i.e., Windows/*nix),
• Database platform (i.e., Oracle or MS SQL),
• Load balancers (i.e. Alteon),
• Firewalls (i.e. Cisco PIX)... etc