Thursday, April 4, 2019
Penetration Testing Scope
The main objective of this document is to give readers a view of the importance of penetration testing in network security, how it helps to overcome network security issues, and how organizations are determining the security weaknesses in their network infrastructures. With the help of this document, readers can obtain knowledge about the advantages, strategies, types, tools and techniques of penetration testing.

Introduction

Penetration testing is one of the oldest network security techniques for evaluating the security of a network system. The method was used by the Department of Defense in the early 1970s to determine the security weaknesses in computer systems and to initiate the development of programs to create more secure systems. Using penetration testing, organizations can fix their security weaknesses before they get exposed. Many companies use this method because penetration testing provides proper security information systems and services to the organization's network systems. Organizations can reduce risk in their network systems using penetration testing tools and techniques.

The main objective of penetration testing is to evaluate the security weaknesses of the organization's network systems.
Penetration testing has further secondary objectives that help the organization to identify its security incidents and also to test the security awareness of the employees.

Scope and Goals of the Penetration Testing

Identifying gaps in security: The organization can identify the gaps in its system security and, with the help of a penetration test, develop an action plan to reduce the threat.

Help to create a strong business case: A penetration test result document will help the manager to create a strong business case to produce the security message at the implementation stage.

To discover new threats: Penetration testing measures will help the organization to discover new threats.

To focus on internal security resources: A penetration test and its security analysis allow the organization to focus its internal security resources.

To meet regulatory compliance: The organization can meet its regulatory compliance requirements using penetration testing tools.

To find the weakest link: A penetration test and security audit will assist the firm to find the weakest link in its intricate structure, and will provide baseline security for all typical entities.

Provide validation feedback: A penetration test delivers validation feedback to business entities and to the security framework, which leads the organization to reduce the risk in the implementation.

Phases of the Penetration Test

Discovery
Planning
Attack
Reporting
Additional Discovery

Planning Phase

The scope of the test is defined in the planning phase. In this phase, the testing team gets the approvals, documents and agreements like the NDA (Non-Disclosure Agreement), and sets the baseline for an effective penetration test after the documents are signed. The penetration test team takes certain input from the existing security plan, industry standards and best practices while defining the scope for the test.
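
An added example (not part of the original post): one way to turn the scope, approvals and time window agreed in the planning phase into a check that runs before any testing activity. The address ranges, dates and document names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass
class Scope:
    in_scope: list            # CIDR ranges the client approved in writing
    excluded: list            # carve-outs inside those ranges
    window_start: datetime    # agreed start of the test window
    window_end: datetime      # agreed end of the test window
    signed_documents: set     # paperwork actually signed so far
    # Assumed document names; the post only names the NDA explicitly.
    required_documents: frozenset = frozenset({"NDA", "authorization letter"})


def check_target(scope, target, when):
    """Return (allowed, reason) for testing `target` at time `when`."""
    missing = scope.required_documents - scope.signed_documents
    if missing:
        return False, "unsigned: " + ", ".join(sorted(missing))
    if not (scope.window_start <= when <= scope.window_end):
        return False, "outside agreed test window"
    try:
        addr = ip_address(target)
    except ValueError:
        # Hostnames can move between addresses; resolve and check the IP.
        return False, "not an IP address; resolve and re-check"
    # Exclusions win over approvals, so check them first.
    if any(addr in ip_network(net) for net in scope.excluded):
        return False, "explicitly excluded"
    if not any(addr in ip_network(net) for net in scope.in_scope):
        return False, "not in an approved range"
    return True, "in scope"


def audit(scope, targets, when):
    """Check a whole target list and keep the reason for each decision."""
    return {t: check_target(scope, t, when) for t in targets}


# Constructed sample scope using documentation address ranges.
SAMPLE_SCOPE = Scope(
    in_scope=["192.0.2.0/24", "198.51.100.0/25"],
    excluded=["192.0.2.53/32"],
    window_start=datetime(2019, 4, 8, 8, 0, tzinfo=timezone.utc),
    window_end=datetime(2019, 4, 12, 18, 0, tzinfo=timezone.utc),
    signed_documents={"NDA", "authorization letter"},
)
IN_WINDOW = datetime(2019, 4, 9, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    targets = ["192.0.2.10", "192.0.2.53", "203.0.113.5", "www.example.com"]
    for target, (ok, reason) in audit(SAMPLE_SCOPE, targets, IN_WINDOW).items():
        print(f"{target:18} {'ALLOW' if ok else 'DENY':5} {reason}")
```

Keeping the reason with each decision gives the reporting phase a record of why a target was or was not tested.
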
No actual testing activity happens in the planning stage.

Factors influencing a successful penetration test

Time
Legal restriction

Discovery Phase

The real testing activity starts from this phase. In this stage, the testers identify the potential targets using network scanning and gather information using port scanning and other techniques. Vulnerability analysis is the second part of this discovery phase. In this stage, applications, operating systems and services are compared against a vulnerability database. Normally human testers use their own database or a public database to find vulnerabilities manually. Compared with automated testing, manual testing is a better way to identify new vulnerabilities, but this type of testing is time consuming, unlike automated testing. This phase can be further characterized as:

Footprinting Phase
Scanning and Enumeration Phase
Vulnerability Analysis Phase

Footprinting Phase

The process of footprinting is a completely non-intrusive activity executed to get the information available about the target organization and its systems using various resources, both technical and non-technical. This process includes searching the internet and querying various public repositories (databases, domain registrars, Usenet groups and mailing lists).

In this phase, the penetration tester gathers significant information and confidential data through the internet without probing the target system. The penetration tester will conduct social engineering attacks, for which they collect valuable information like IT setup details, e-mail addresses of the company, device configuration, and usernames and passwords.

In this phase, the penetration tester tries to find various loopholes and to explore data leakage about the target organization in the shortest time possible.
Most of the procedures of this phase can be automated using customized scripts and small programs.

Scanning and Enumeration

The scanning and enumeration phase includes a lot of activity, like identifying the live systems, the open / filtered ports found, the services running on these ports, identifying the operating system details, network path discovery, mapping router / firewall rules, etc.

The penetration tester must be careful while using the tools for these activities, because they should not overwhelm the target systems with excessive traffic. Before going into a live scenario, the successive phase should be tested completely in a testing environment.

Types of Port Scanner

Nmap
SuperScan
Hping

Services should be fingerprinted, either manually or using existing tools, after successfully identifying the open ports. The penetration tester will provide the exact name and version of the services running on the target system and the underlying operating system before including these in the final report. This also helps in identifying and removing numerous false positives found later.

Existing Fingerprint Tools

Xprobe2
Queso
Nmap
Amap
Winfingerprint
P0f
Httprint

Vulnerability Analysis

In this stage, the penetration tester tries to identify the possible vulnerabilities existing in each target system, after identifying the target systems and collecting the required details in the preliminary phase. During this stage the penetration tester may use automated tools to find the vulnerabilities in the target systems. These tools have their own database containing the latest vulnerabilities and their details.

In the vulnerability analysis stage, the penetration tester tests the systems by giving invalid inputs, random strings, etc. to check for any errors or unintended behavior in the system's output.

The penetration tester should not rely only on his experience: a successful penetration tester should be up to date with the latest security related activities and join security related mailing lists, security blogs, advisories, etc. to stay updated on the latest vulnerabilities.

Types of Vulnerability Scanners

Nessus
Shadow Security Scanner
Retina
ISS Scanner
SARA
GFI LANguard

Attack Phase

The attack phase is a vital stage in penetration testing, and the most challenging and interesting phase for the penetration tester. This phase can be further characterized as:

Exploitation Phase
Privilege Escalation Phase

Exploitation Phase

In this phase, the penetration tester tries to identify exploits for the various vulnerabilities found in the previous stage. The penetration tester can get more resources from the internet that provide proof-of-concept exploits for most of the vulnerabilities.

In the exploitation stage, every exploit should be tested thoroughly before going for a real implementation.
If a vulnerability on a critical system is not exploited, the penetration tester should give sufficient documented proof-of-concepts about the impact of the vulnerability on the organization's business.

Exploitation Frameworks

Metasploit Project
Core Security Technology's Impact
Immunity's CANVAS

Instead of only running exploits, the penetration tester needs to use the full potential of the framework to reduce the time spent writing custom exploits.

Figure: Attack Phase Steps with Loopback to Discovery Phase

Discovery Phase, followed by:

Gaining Access: Enough data has been gathered in the discovery phase to make an attempt to access the target.

Escalating Privilege: If only user-level access was obtained in the last step, the tester will now seek to gain complete control of the system.

System Browsing: The information gathering process begins again to identify mechanisms to gain access to trusted systems.

Install Additional Test Software: Additional penetration testing software is installed to gain additional information and/or access.

Privilege Escalation

In this stage, the penetration tester makes further analysis to get more information that will help in getting administrative privileges. Before proceeding further, the penetration tester should get prior permission from the target organization. The penetration tester maintains a report of all his activity, because in the reporting stage that will be the proof for all the activities completed. The tester may install additional software for a higher level of privilege.

Reporting Phase

The reporting stage is the last phase in the penetration test methodology. The reporting phase can run in parallel with the other three stages, or it can happen after the attack phase. This reporting phase is a very vital stage: the report covers both management and technical aspects, and provides detailed information about all findings, with figures and proper graphs.
The penetration tester will provide an adequate presentation of the vulnerabilities and their impact on the business of the target organization.

The final document will be detailed and will provide a technical description of the vulnerabilities. The penetration tester should meet the client's requirements in the documents; the document should also be detailed, and that will show the ability of a successful penetration tester.

The report consists of:

Executive Summary
Detailed Findings
Risk level of the vulnerabilities found
Business Impact
Recommendations
Conclusion

Penetration Testing Strategy

External Testing Strategy

In this strategy, testing is carried out from outside the organization's systems and refers to attacks on the organization's network border; this may be through the Internet or an Extranet. External testing starts with the client's publicly accessible information. Naturally, the external testing approach is executed in a non-disclosure or fully disclosed environment. This test targets the organization's externally visible servers or devices, like the Domain Name Server (DNS), firewall and e-mail server.

Internal Testing Strategy

The internal testing approach is executed from inside the organization's technology environment. The focus of the internal testing strategy is to know what could occur if the network border were penetrated effectively, or what an authorized user could do to penetrate specific information resources inside the organization's network. Both types of testing technique are similar, but the results of the two tests will vary prominently.

Blind Testing Strategy

The blind testing approach aims at simulating the activities and processes of a real hacker. In this approach, the testing team is provided with limited information about the organization's systems configuration. The penetration testing team gathers information about the target to conduct its penetration test using publicly available information like the company web site, domain name registry, internet discussion boards and USENET.
This testing approach can provide a lot of information about the organization, but this method of testing is very time consuming.

Double Blind Testing Strategy

This testing strategy is an extension of the blind testing approach. In this testing approach, the IT and security staff of the organization are not informed beforehand and are blind to the planned testing activities. The double blind testing strategy is a vital component of testing because it can test the organization's security monitoring and its incident identification, escalation and response procedures. The main point of this testing approach is that only a few people from the organization are aware of the testing activity. Once the objective of the test has been achieved, the project manager terminates the response procedures of the organization and the testing procedures.

Targeted Testing Strategy

Another name for this testing strategy is the lights-turned-on approach. In this testing approach, both the organization's IT staff and the penetration testing team are involved in the testing activities. In this test, there is a clear understanding of the testing actions and of the information about the target and the network design. The targeted testing approach is very cost effective because the test is mainly focused on the technical setting or design of the network. This test can be executed in less time and with less effort than a blind test, but this approach will not give a clear picture of an organization's vulnerabilities and response capabilities.

Types of Penetration Testing

There are many types of penetration test available to test the network security of an organization, and the type of penetration test depends on the organization's need to test its network.

Black-box Testing

White-box Testing

DOS (Denial Of Service)

This type of testing tries to identify the weaknesses of the system by exhausting the target's resources so that it stops responding to legitimate requests. Denial of service testing can be carried out with both manual and automated tools.
This test is classified into two types: software exploits and flooding attacks. The level of this test depends upon the penetration test's information system and related resources. There are more formats in this test such as

Application Security Testing

Application security testing protects the confidentiality and reliability of information using the application's encryption. The objective of this testing is to assess the controls over the applications (electronic commerce servers, on-line financial applications, distributed applications and internet front ends to legacy systems) and their process flow.

Components of Application Security Testing

Code Review: In this type of testing, the code of the application is analysed, because it should not contain sensitive data.

Authorization Testing: Authorization testing includes analysing the system's initiation and maintenance of user sessions, such as input validation of login fields, cookie security and lockout testing.

Functionality Testing: Functionality testing involves testing the functionality of the application, such as input validation and transaction testing, as presented to a user.

War Dialling

Tools for Penetration Testing

Reconnaissance Tools

Nmap (Network Mapper)

Network Mapper (Nmap) is a powerful port scanning tool and is part of the reconnaissance tools of penetration testing. Network Mapper has the ability to determine the operating system of the target system. Network Mapper maintains a database to find the operating system from the target computer's responses [3]. Network Mapper is a free product for network security review. Network Mapper was intended to quickly scan big networks, but it works fine against a single network. Network Mapper is compatible with all major operating systems like Windows, Linux and Mac OS [2].

Features of the Network Mapper (Nmap)

Flexible: Nmap supports different advanced techniques for mapping out networks with firewalls, IP filters and other obstacles.
This tool also contains port scanning mechanisms (TCP and UDP), OS detection and version detection.

Powerful
Portable
Easy
Free
Well documented
Supported
Acclaimed
Popular

http://www.computerworld.com/s/article/9087439/Five_free_pen_testing_tools
http://nmap.org/
http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf
https://buildsecurityin.us-cert.gov/bsi/articles/tools/penetration/657-BSI.html

Nessus

Nessus is a vulnerability assessment tool, and it is free software released under the GPL. This tool is intended to identify security problems. Nessus helps management to rectify security problems before exploitation. Client-server technology is a very powerful feature of Nessus. The penetration tester can test from various points, because servers can be placed in various places. The entire set of servers can be controlled using multiple distributed clients or a central client. This tool is very flexible for the penetration tester because it can run on different operating systems like Mac OS X and IBM/AIX, but most of the server portion runs on UNIX.

Features of Nessus

Up-to-date security vulnerability database: Nessus checks the database regularly, and updates can be received with the command nessus-update-plugins. This tool monitors all the plugin data.

Remote and local security: Nessus has the ability to detect the remote flaws of a host in a network, and also local flaws and missing patches.

Scalable: Nessus is very scalable because it can run on a computer with low memory. If we give more power to this tool, then it can scan our systems quickly.

Plug-ins: Every security test is written in NASL and is written as an external plugin.
Updating Nessus does not download binaries from the internet, and every NASL script can be read and modified to understand the results of a Nessus report.

NASL (Nessus Attack Scripting Language): The Nessus security scanner contains NASL, a language designed for writing security tests easily and quickly. NASL runs in a controlled environment on top of a virtual machine, which makes Nessus a very secure scanner.

Smart service recognition with multiple services: Nessus helps to recognize an FTP server running on a non-standard port. This is the first tool to have this facility. If the host runs the same service twice or more, Nessus can scan all of them.

Full SSL support and non-destructive: This tool has the ability to scan SSL services like https, imaps, smtps and more. Nessus can integrate with a PKI environment. Nessus is the first scanning tool to have this feature. Nessus also gives the tester the option to perform a regular non-destructive security audit.

Packet Manipulation and Password Cracking Tools

Exploitation Tools

Metasploit Version

The Metasploit framework is both a penetration testing system and a development platform for creating security tools and techniques. The Metasploit framework comprises tools, modules, libraries and user interfaces. The framework is used by network security professionals to conduct penetration tests, by system administrators to verify patch installations, by product vendors to perform regression testing, and by security researchers world-wide. This tool offers valuable information and tools for penetration testers and security researchers. The Metasploit framework is written in the Ruby programming language and contains components written in C and assembler.

The basic function of this tool is a module launcher, allowing the user to configure an exploit module and launch the module at a target system.
Metasploit is very user friendly for the penetration tester conducting the test, and it gives full network penetration testing capabilities. Metasploit is an open source framework and the largest combined public databank of exploits.

Security Forest Exploitation Framework

Limitations of Penetration Testing

Penetration testing will not identify all vulnerabilities, because normally this test is carried out as a black box exercise. A penetration test will not provide information about new vulnerabilities, that is, weaknesses identified after the test. The penetration tester will not have sufficient information about the system. Compared with vulnerability assessments, a penetration test is not the correct way to identify the weaknesses, because vulnerability assessments can identify more issues than penetration testing by using a diagnostic review of all systems and all servers. A penetration test does not have that much time to evaluate and identify the vulnerabilities, and penetration testing is a snapshot of an organization and its network security.

Conclusion

The scope of penetration testing should be increased. The time period of penetration testing is very limited. The time limit of penetration testing needs to be increased; then the testing team can identify more issues and can protect the network security of an organization. Further action needs to be taken against the vulnerabilities identified as a result of the penetration test.

Penetration Testing

Definitions

A penetration test is a method to assess the organization's data security system in an active way. The information security system of an organization is tested to identify any security issues. In other words, a penetration test is a theoretical or paper based audit.

What is a Penetration Test?

A penetration test is a sequence of actions to find and exploit the security weaknesses of systems. A penetration test naturally includes a group of people financed by the organization and the Department of Internal Audit or the IT department to conduct the test.
The penetration test team members attempt to exploit vulnerabilities in the system security of the organization using the tools and techniques of the penetration test. The goal of the testing team is to find security weaknesses under controlled circumstances, in order to eliminate the vulnerabilities before unauthorised users can exploit them. Penetration testing is an authorised action to counter the activities of hackers (unauthorised users).

A penetration test is a better way to find the security weaknesses that exist in a network or system. The penetration test result will increase the awareness of management, and it will also assist them in important decision making processes. Management can find the security weaknesses of their systems by conducting a penetration test in their organization. The penetration test will differ depending on the organization, and the time frame of the test will depend on the type of test. If the penetration test is conducted badly, the test can have serious consequences like system crashes and congestion. The organization needs to give active consent to this test while it is being conducted or performed.