Wednesday, June 5, 2019

Penetration Testing Scope

The main objective of this document is to give readers a view of the importance of penetration testing in network security, how it helps overcome network security issues, and how organizations are determining the security weaknesses in their network infrastructures. With the help of this document, readers can learn about the advantages, strategies, types, tools and techniques of penetration testing.

Introduction

Penetration testing is one of the oldest network security techniques for evaluating the security of a network system. The penetration testing method was used by the Department of Defense in the early 1970s to locate security weaknesses in computer systems and to initiate the development of programs that create more secure systems. Using penetration testing, an organization can fix its security weaknesses before they are exposed. Many companies are adopting this method because penetration testing provides proper security information about the organization's network systems and services. An organization can reduce the risk in its network systems using penetration testing tools and techniques.

The main objective of penetration testing is to evaluate the security weaknesses of the organization's network systems.
Penetration testing also has secondary objectives: it helps the organization identify security incidents and tests the security awareness of its employees.

Scope and Goals of Penetration Testing

- Identifying gaps in security: with the help of a penetration test, an organization can identify the gaps in its system security and develop an action plan to reduce the threat.
- Helping to create a strong business case: a penetration test report will help the manager create a strong business case for carrying the security message through to the implementation stage.
- Discovering new threats: penetration testing measures help the organization find new threats.
- Focusing internal security resources: a penetration test and its security analysis allow the organization to focus its internal security resources.
- Meeting regulatory compliance: an organization can meet its regulatory compliance requirements using penetration testing tools.
- Finding the weakest link: a penetration test and security audit will assist the firm in finding the weakest link in its complex structure and will provide baseline security for all typical entities.
- Providing validation feedback: penetration tests deliver validation feedback to business entities and to the security model, which moves the organization to reduce risk in the implementation.

Phases of the Penetration Test

- Discovery
- Planning
- Attack
- Reporting
- Additional Discovery

Planning Phase

The scope of the test is defined in the planning phase. In this phase, the testing team obtains the approvals, documents and agreements such as the NDA (Non-Disclosure Agreement), and once those documents are signed they set the baseline for an effective penetration test. The penetration test team takes input from the existing security plan, industry standards and best practices while defining the scope of the test.
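The scope agreed in the planning phase is what every later phase has to respect, so it pays to encode it and check each intended target against it before any tool is run. The following Python is an added example, not code from the original post: the scope record (approved CIDR ranges, excluded hosts, approved testing window) and all addresses in it are constructed stand-ins for whatever the signed engagement documents say, and the function names are the example's own.

```python
"""Scope enforcement for the planning phase (added example, not code from the
original post). SCOPE is a constructed stand-in for the scope agreed in the
signed engagement documents: approved CIDR ranges, explicitly excluded hosts
and an approved testing window. Every target the team intends to touch is
checked against it before any scanning tool runs."""
import ipaddress
from datetime import datetime, time

# Constructed sample scope; all addresses are documentation ranges, not real hosts.
SCOPE = {
    "in_scope": ["192.0.2.0/24", "198.51.100.10/32"],
    "excluded": ["192.0.2.250"],          # e.g. a fragile production host
    "window": (time(22, 0), time(6, 0)),  # approved hours, local time, wraps past midnight
}

def parse_scope(scope):
    """Parse the scope record once; a malformed CIDR fails here, not mid-scan."""
    nets = [ipaddress.ip_network(c, strict=False) for c in scope["in_scope"]]
    excluded = {ipaddress.ip_address(h) for h in scope["excluded"]}
    return nets, excluded

def target_status(target, scope=SCOPE):
    """Classify one target as in-scope, excluded, out-of-scope or invalid.
    Exclusions win over in-scope ranges, so an excluded host inside an
    approved /24 is still refused."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return "invalid"
    nets, excluded = parse_scope(scope)
    if addr in excluded:
        return "excluded"
    if any(addr in net for net in nets):
        return "in-scope"
    return "out-of-scope"

def in_window(when_iso, scope=SCOPE):
    """True if an ISO-8601 timestamp falls inside the approved window,
    including windows that wrap past midnight (22:00 to 06:00)."""
    start, end = scope["window"]
    t = datetime.fromisoformat(when_iso).time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end

def check_targets(targets, when_iso, scope=SCOPE):
    """Split the intended targets into those a tool may touch and those it must
    not. Returns (approved, rejected) where rejected maps target -> reason."""
    if not in_window(when_iso, scope):
        return [], {t: "outside approved window" for t in targets}
    approved, rejected = [], {}
    for target in targets:
        status = target_status(target, scope)
        if status == "in-scope":
            approved.append(target)
        else:
            rejected[target] = status
    return approved, rejected

if __name__ == "__main__":
    wanted = ["192.0.2.15", "192.0.2.250", "203.0.113.7", "198.51.100.10", "not-an-ip"]
    ok, bad = check_targets(wanted, "2019-06-05T23:30:00")
    print("approved:", ok)
    print("rejected:", bad)
```

The check is deliberately strict: an unparsable target is rejected rather than guessed at, and the excluded list is consulted before the approved ranges, so a host carved out of an otherwise approved /24 can never be scanned by accident.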
No real testing activity happens in the planning stage.

Factors influencing a successful penetration test:

- Time
- Legal restrictions

Discovery Phase

The real testing activity starts in this phase. In this stage, the testers identify potential targets using network scanning and gather information using port scanning and other techniques. Vulnerability analysis is the second part of the discovery phase: applications, operating systems and services are compared against a vulnerability database. Normally human testers use their own database or a public database to find vulnerabilities manually. Compared with automated testing, manual testing is the better way to identify new vulnerabilities, but it is time consuming, unlike automated testing. This phase can be further characterized as:

- Footprinting phase
- Scanning and Enumeration phase
- Vulnerability Analysis phase

Footprinting Phase

Footprinting is a completely non-intrusive activity executed to gather the information accessible about the target organization and its systems from various resources, both technical and non-technical. The process includes probing the internet and querying various public repositories (databases, domain registrars, Usenet groups and mailing lists). In this phase, the penetration tester gathers significant information and confidential data through the internet without probing the target system. The penetration tester also supports later social engineering attacks by collecting valuable information such as IT setup details, company e-mail addresses, device configurations, usernames and passwords. In this phase, the penetration tester tries to find various loopholes and explore data leakage about the target organization in the shortest time period.
Most of the procedure in this phase can be automated using customized scripts and small programs.

Scanning and Enumeration

The scanning and enumeration phase includes many activities, such as identifying live systems, finding open or filtered ports and the services running on them, identifying operating system details, discovering network paths, mapping router and firewall rules, etc. The penetration tester must be careful while using tools for these activities, because they should not overwhelm the target systems with excessive traffic. Before going into the live scenario, each successive phase should be tested completely in a testing environment.

Types of Port Scanner

- Nmap
- SuperScan
- Hping

After the open ports are identified, the services should be fingerprinted, either manually or using existing tools. The penetration tester records the exact name and version of the services running on the target system and of the underlying operating system before including them in the final report. This also helps to identify and remove the numerous false positives found later.

Existing Fingerprint Tools

- Xprobe2
- Queso
- Nmap
- Amap
- Winfingerprint
- P0f
- Httprint

Vulnerability Analysis

In this stage, after identifying the target systems and collecting the required details in the previous phase, the penetration tester tries to identify the possible vulnerabilities in each target system. The penetration tester may use automated tools to find the vulnerabilities in the target systems; these tools carry their own records of the latest vulnerabilities and their details. In the vulnerability analysis stage, the penetration tester also tests the systems by giving invalid inputs, random strings, etc.
to check for any errors or unexpected behaviour in the systems' output. The penetration tester should not depend only on experience: a successful penetration tester stays up to date with the latest security activities and joins security mailing lists, security blogs, advisories, etc. to keep up with the latest vulnerabilities.

Types of Vulnerability Scanners

- Nessus
- Shadow Security Scanner
- Retina
- ISS Scanner
- SARA
- GFI LANguard

Attack Phase

The attack phase is a vital stage in penetration testing and the most challenging and interesting phase for the penetration tester. This phase can be further characterized as:

- Exploitation phase
- Privilege Escalation phase

Exploitation Phase

In this phase, the penetration tester tries to identify exploits for the various vulnerabilities found in the previous stage. The penetration tester can draw on resources from the internet that provide proof-of-concept exploits for most vulnerabilities. In the exploitation stage, every exploit should be tested thoroughly before it is run against the real implementation.
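The vulnerability analysis step described above compares fingerprinted service names and versions against a vulnerability database, and the fingerprinting step notes that an exact version is what lets the tester weed out false positives before anything reaches the attack phase. The following Python is an added example of that matching logic, not code from the original post or from any of the scanners it lists: the database entries, their EXAMPLE-nnnn identifiers, the banner formats and the function names are all constructed assumptions.

```python
"""Matching fingerprinted services against a vulnerability database (added
example, not code from the original post). The database, its identifiers and
the sample banners are constructed for illustration."""
import re

# Constructed database: each entry names a product and the inclusive version
# range that is affected. The identifiers are placeholders, not real advisories.
VULN_DB = [
    {"id": "EXAMPLE-0001", "product": "openssh", "min": "7.0", "max": "7.4", "severity": "high"},
    {"id": "EXAMPLE-0002", "product": "apache", "min": "2.4.0", "max": "2.4.29", "severity": "medium"},
    {"id": "EXAMPLE-0003", "product": "vsftpd", "min": "2.3.4", "max": "2.3.4", "severity": "critical"},
]

# product name, optional separator, optional 'v', dotted numeric version
BANNER_RE = re.compile(r"^([A-Za-z][A-Za-z-]*)[_/ -]?v?(\d+(?:\.\d+)*)")

def parse_banner(banner):
    """Split 'OpenSSH_7.4' or 'Apache/2.4.29' into (product, version).
    Returns (None, None) when no version is present, so the caller reports an
    unfingerprinted service instead of guessing."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None, None
    return m.group(1).lower(), m.group(2)

def version_key(v):
    """Turn '2.4.29' into (2, 4, 29) so comparison is numeric, not lexical:
    '2.4.9' must sort below '2.4.29'."""
    return tuple(int(p) for p in v.split("."))

def in_range(version, lo, hi):
    """Inclusive range test with trailing-zero padding, so '7.4' equals '7.4.0'."""
    parts = [version_key(version), version_key(lo), version_key(hi)]
    width = max(len(p) for p in parts)
    v, l, h = (p + (0,) * (width - len(p)) for p in parts)
    return l <= v <= h

def match_service(host, port, banner, db=VULN_DB):
    """Findings for one fingerprinted service; an unversioned banner is flagged
    for manual checking rather than matched against every entry."""
    product, version = parse_banner(banner)
    if product is None:
        return [{"host": host, "port": port, "id": "UNFINGERPRINTED", "severity": "info",
                 "note": "no version in banner; verify manually"}]
    return [
        {"host": host, "port": port, "id": e["id"], "severity": e["severity"],
         "note": f"{product} {version} within affected range {e['min']} to {e['max']}"}
        for e in db
        if e["product"] == product and in_range(version, e["min"], e["max"])
    ]

def analyse(fingerprints, db=VULN_DB):
    """fingerprints: iterable of (host, port, banner) recorded in the scanning phase."""
    findings = []
    for host, port, banner in fingerprints:
        findings.extend(match_service(host, port, banner, db))
    return findings

if __name__ == "__main__":
    # Constructed fingerprints, as the enumeration step might record them.
    sample = [
        ("192.0.2.10", 22, "OpenSSH_7.4"),
        ("192.0.2.10", 80, "Apache/2.4.9"),
        ("192.0.2.11", 21, "vsftpd 2.3.4"),
        ("192.0.2.12", 22, "OpenSSH_8.2"),
        ("192.0.2.13", 8080, "Jetty"),
    ]
    for finding in analyse(sample):
        print(finding)
```

The two details that matter in practice are the numeric version comparison (a lexical comparison would put 2.4.9 after 2.4.29 and miss the match) and the explicit "unfingerprinted" result, which is where the false positives the page mentions would otherwise creep in.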
If a vulnerability on a critical system is not exploited, the penetration tester should give sufficient documented proof-of-concept about the impact of the vulnerability on the organization's business.

Exploitation Frameworks

- Metasploit Project
- Core Security Technologies' Impact
- Immunity's CANVAS

Instead of writing exploits from scratch, the penetration tester should use the full potential of a framework to reduce the time spent on custom exploits.

Attack Phase Steps with Loopback to the Discovery Phase

- Gaining Access: enough data has been gathered in the discovery phase to make an attempt to access the target.
- Escalating Privileges: if only user-level access was obtained in the last step, the tester now seeks to gain complete control of the system.
- System Browsing: the information gathering process begins again to identify mechanisms to gain access to trusted systems.
- Install Additional Test Software: additional penetration testing software is installed to gain additional information and/or access.

Any of these steps may lead back into the discovery phase.

Privilege Escalation

In this stage, the penetration tester performs further analysis to get more information that will help in gaining administrative privileges. Before continuing further, the penetration tester should obtain prior permission from the target organization. The penetration tester maintains a report of all activities, because in the reporting stage it will be the proof of all the activities completed. The tester may install additional software to obtain a higher level of privilege.

Reporting Phase

The reporting stage is the last phase in the penetration test methodology. The reporting phase either runs in parallel with the other three stages or happens after the attack phase. This is a very vital stage: the report covers both management and technical aspects and provides detailed information about all findings, with figures and proper graphs.
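The reporting phase has to turn the activity record kept during the attack phase into something both management and technical staff can act on: every finding backed by evidence, rated by risk, and summarised before the detail. The following Python is an added example of assembling such a report, not code from the original post; the finding fields, the likelihood-times-impact rating rule and the sample findings are assumptions chosen for illustration.

```python
"""Building a penetration test report from recorded findings (added example,
not code from the original post). The finding fields, the rating rule and the
sample findings below are assumptions."""
from collections import Counter

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3}
REQUIRED = ("host", "title", "likelihood", "impact", "evidence", "recommendation")

def risk_level(likelihood, impact):
    """Assumed rating rule: likelihood times business impact, so an easy but
    low-impact flaw never reaches 'critical' just because it is easy."""
    score = LIKELIHOOD[likelihood] * IMPACT[impact]   # 1 to 9
    if score >= 9:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"

def validate(finding):
    """A finding without evidence cannot be proven in the report; reject it early."""
    missing = [k for k in REQUIRED if not finding.get(k)]
    if missing:
        raise ValueError(f"finding '{finding.get('title', '?')}' is missing {missing}")
    return finding

def build_report(findings):
    """Rate, order and group findings into the report sections listed on the page."""
    rated = []
    for finding in findings:
        f = dict(validate(finding))
        f["risk"] = risk_level(f["likelihood"], f["impact"])
        rated.append(f)
    rated.sort(key=lambda f: (SEVERITY_ORDER[f["risk"]], f["host"], f["title"]))
    counts = Counter(f["risk"] for f in rated)
    return {
        "executive_summary": {
            "total": len(rated),
            "by_risk": {lvl: counts.get(lvl, 0) for lvl in SEVERITY_ORDER},
            "highest": rated[0]["risk"] if rated else "none",
        },
        "detailed_findings": rated,
        "business_impact": [f for f in rated if f["impact"] == "high"],
        "recommendations": [(f["risk"], f["recommendation"]) for f in rated],
    }

def render(report):
    """Plain-text rendering, executive summary first, findings in risk order."""
    s = report["executive_summary"]
    lines = ["Executive Summary", f"{s['total']} findings; highest risk: {s['highest']}"]
    lines += [f"  {lvl}: {n}" for lvl, n in s["by_risk"].items() if n]
    lines.append("Detailed Findings")
    for f in report["detailed_findings"]:
        lines.append(f"  [{f['risk'].upper()}] {f['host']}: {f['title']}")
        lines.append(f"    evidence: {f['evidence']}")
        lines.append(f"    recommendation: {f['recommendation']}")
    return "\n".join(lines)

# Constructed sample findings; hosts are documentation addresses.
SAMPLE_FINDINGS = [
    {"host": "192.0.2.10", "title": "Outdated SSH service", "likelihood": "medium", "impact": "high",
     "evidence": "banner OpenSSH_7.4 captured 2019-06-05", "recommendation": "Upgrade OpenSSH to a supported release"},
    {"host": "192.0.2.11", "title": "Anonymous FTP login enabled", "likelihood": "high", "impact": "high",
     "evidence": "login as 'anonymous' accepted", "recommendation": "Disable anonymous FTP"},
    {"host": "192.0.2.12", "title": "Verbose server banner", "likelihood": "high", "impact": "low",
     "evidence": "HTTP Server header reveals version", "recommendation": "Suppress the version in the Server header"},
]

if __name__ == "__main__":
    print(render(build_report(SAMPLE_FINDINGS)))
```

Refusing a finding that lacks evidence is the point of the validation step: the page stresses that the activity record is the proof for everything reported, so a finding that cannot be backed up should never reach the client document.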
The penetration tester presents the vulnerabilities and their impact on the business of the target organization in a suitable form. The final document is detailed and provides a technical description of the vulnerabilities. The penetration tester should meet the client's requirements in the documents; the document should also be detailed enough to show the ability of a successful penetration tester.

The Report Consists of

- Executive Summary
- Detailed Findings
- Risk level of the vulnerabilities found
- Business Impact
- Recommendations
- Conclusion

Penetration Testing Strategy

External Testing Strategy

In this strategy, the process is carried out from outside the organization's systems and refers to attacks on the organization's network perimeter, through the Internet or an Extranet. The external testing strategy starts with the client's publicly accessible information. Naturally the external testing approach is executed in a non-disclosure or full-disclosure environment. This test targets the organization's externally visible servers or devices such as the Domain Name Server (DNS), firewall and e-mail server.

Internal Testing Strategy

The internal testing approach is executed from inside the organization's technology environment. The focus of the internal testing strategy is to learn what could occur if the network perimeter were penetrated successfully, or what an authorized user could do to penetrate specific information resources inside the organization's network. Both types of testing techniques are similar, but the results of the two tests vary greatly.

Blind Testing Strategy

The blind testing approach aims to simulate the activities and processes of a real hacker. In this approach, the testing team is given limited information about the organization's system configuration. The penetration testing team gathers information about the target for its penetration test using publicly available information such as the company web-site, domain name registry, internet discussion boards and USENET.
This testing approach can provide a lot of information about the organization, but this method of testing is very time consuming.

Double Blind Testing Strategy

This testing strategy is an extension of the blind testing approach. In this approach, the IT and security staff of the organization are not informed beforehand and are blind to the testing activities. Double blind testing is a vital component of testing because it tests the organization's security monitoring and its incident identification, escalation and response procedures. The main objective of this approach is that only a few people in the organization are aware of the testing activity. Once the objective of the test has been achieved, the project manager terminates the organization's response procedures and the testing procedures.

Targeted Testing Strategy

Another name for this testing strategy is the lights-turned-on approach. In this approach, both the organization's IT staff and the penetration testing team are involved in the testing activities. There is a clear understanding of the testing actions and information about the target and the network design. The targeted testing approach is very cost effective because the test focuses mainly on the technical setting or design of the network. This test can be executed in less time and with less effort than a blind test, but it will not give a clear picture of the organization's vulnerabilities and response capabilities.

Types of Penetration Testing

There are many types of penetration test available to test the network security of an organization, but the type of penetration test depends on what the organization requires to test in its network.

- Black-box Testing
- White-box Testing
- DOS (Denial of Service)

DOS (Denial of Service)

This type of testing tries to identify weaknesses in the system by exhausting the target's resources so that it stops responding to legitimate requests. Denial of service testing can be performed both manually and with automated tools.
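The double blind strategy above exists to find out whether the organization's monitoring and incident identification actually notice the test, and a denial of service test likewise produces traffic that monitoring should catch. The following Python is an added example of the detection side, not code from the original post: it runs over constructed firewall log lines and flags a source that touches many distinct ports on one host within a short window (a port scan) or opens many connections to one host and port within a few seconds (a flood). The log line format, the thresholds, the addresses and the function names are all assumptions.

```python
"""Detecting port scans and floods in firewall logs (added example, not code
from the original post). The log line format, thresholds and sample traffic
are constructed assumptions."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

PORT_SCAN_PORTS = 10                       # distinct ports on one host ...
PORT_SCAN_WINDOW = timedelta(seconds=30)   # ... within this window
FLOOD_CONNECTIONS = 50                     # connections to one host:port ...
FLOOD_WINDOW = timedelta(seconds=5)        # ... within this window

# Constructed log in an assumed "timestamp src dst dport action" format:
# one source probing 11 ports in 5 seconds, a benign client, a 60-connection
# burst against one port, and one malformed line.
SCAN_LINES = [f"2019-06-05T23:00:{i // 2:02d} 203.0.113.5 192.0.2.10 {p} DROP"
              for i, p in enumerate([22, 23, 25, 80, 110, 143, 443, 3306, 5900, 8080, 8443])]
BENIGN_LINES = [f"2019-06-05T23:05:{s:02d} 198.51.100.7 192.0.2.10 443 ACCEPT" for s in (0, 7, 19)]
FLOOD_LINES = [f"2019-06-05T23:10:{i // 30:02d} 198.51.100.9 192.0.2.10 443 ACCEPT" for i in range(60)]
SAMPLE_LOG = "\n".join(SCAN_LINES + BENIGN_LINES + FLOOD_LINES + ["this line is malformed"])

def parse_log(text):
    """Return (events, malformed_count); a bad line is counted, never silently dropped."""
    events, bad = [], 0
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            bad += 1
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3]), parts[4]))
        except ValueError:
            bad += 1
    return events, bad

def port_scans(events, min_ports=PORT_SCAN_PORTS, window=PORT_SCAN_WINDOW):
    """One source touching many distinct ports on one host inside a sliding window."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, _ in events:
        by_pair[(src, dst)].append((ts, dport))
    alerts = []
    for (src, dst), hits in by_pair.items():
        hits.sort()
        in_window, left, best = Counter(), 0, 0
        for ts, dport in hits:
            in_window[dport] += 1
            while ts - hits[left][0] > window:       # slide the left edge forward
                old = hits[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            alerts.append({"type": "port-scan", "src": src, "dst": dst, "distinct_ports": best})
    return alerts

def floods(events, min_conns=FLOOD_CONNECTIONS, window=FLOOD_WINDOW):
    """One source opening many connections to the same host:port inside a window."""
    by_key = defaultdict(list)
    for ts, src, dst, dport, _ in events:
        by_key[(src, dst, dport)].append(ts)
    alerts = []
    for (src, dst, dport), times in by_key.items():
        times.sort()
        left, best = 0, 0
        for right, ts in enumerate(times):
            while ts - times[left] > window:
                left += 1
            best = max(best, right - left + 1)
        if best >= min_conns:
            alerts.append({"type": "flood", "src": src, "dst": dst, "dport": dport, "connections": best})
    return alerts

def detect(text):
    """Parse the log and return (alerts, malformed_line_count)."""
    events, bad = parse_log(text)
    return port_scans(events) + floods(events), bad

if __name__ == "__main__":
    found, malformed = detect(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("malformed lines:", malformed)
```

Both detectors use a sliding window rather than fixed time buckets, so a scan that straddles a minute boundary is still counted as one event. If a double blind test runs and nothing like these alerts appears in the organization's monitoring, that absence is itself a finding for the report.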
This test is classified into two types: software exploits and flooding attacks. The level of this test depends on the penetration test's information system and related resources. There are further formats of this test, such as application security testing.

Application Security Testing

Application security testing protects the confidentiality and reliability of information through the application's encryption; the objective of this testing is to assess the controls over the applications (electronic commerce servers, on-line financial applications, distributed applications and internet front ends to legacy systems) and their process flow.

Components of Application Security Testing

- Code Review: in this type of testing the code of the application is analysed, because it should not contain sensitive data.
- Authorization Testing: authorization testing includes analysing the initiation and maintenance of user sessions, such as input validation of the login fields, cookie security and lockout testing.
- Functionality Testing: functionality testing involves testing the functionality of the application, such as input validation and transaction testing, as presented to a user.
- War Dialling

Tools for Penetration Testing

Reconnaissance Tools

Nmap (Network Mapper)

Network Mapper (Nmap) is a powerful port scanning tool and part of the reconnaissance toolset of penetration testing. Nmap has the ability to determine the operating system of the target system; it maintains a database of responses used to identify the target computer's operating system [3]. Nmap is a permitted product for network security review. Nmap was intended to quickly scan big networks, but it works fine against a single host. Nmap is compatible with all major operating systems such as Windows, Linux and Mac [2].

Features of Network Mapper (Nmap)

- Flexible: Nmap supports different advanced techniques for mapping out networks filled with firewalls, IP filters and other obstacles.
This tool also contains port scanning mechanisms (TCP, UDP) and version detection.
- Powerful
- Portable
- Easy
- Free
- Well documented
- Supported
- Acclaimed
- Popular

References

1. http://www.computerworld.com/s/article/9087439/Five_free_pen_testing_tools
2. http://nmap.org/
3. http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf
4. https://buildsecurityin.us-cert.gov/bsi/articles/tools/penetration/657-BSI.html

Nessus

Nessus is a vulnerability assessment tool and free software released under the GPL. This tool is intended to identify security problems. Nessus helps management rectify security problems before they are exploited. Client-server technology is a very powerful feature of Nessus: the penetration tester can test from various points because the server components can be placed in various locations, and the entire server can be controlled using multiple distributed clients or a central client. This tool is very flexible for the penetration tester because it can run on different operating systems such as Mac OS X and IBM AIX, although most of the server portion runs on UNIX.

Features of Nessus

- Up-to-date security vulnerability database: Nessus checks the database regularly, and updates can be received with the command nessus-update-plugins. This tool monitors all the plugin data.
- Remote and local security: Nessus has the ability to detect the remote flaws of hosts in a network and also local flaws and missing patches.
- Scalable: Nessus is very scalable because it can run on a computer with low memory. If given more power, it can scan our systems quickly.
- Plug-ins: every security test is written in NASL and shipped as an external plugin.
To modify Nessus, no binaries need to be downloaded from the internet, and every NASL script can be read and modified in order to understand the results of a Nessus report.
- NASL (Nessus Attack Scripting Language): the Nessus security scanner includes NASL, a language designed to write security tests easily and quickly. NASL runs in a controlled environment on top of a virtual machine, which makes Nessus a very secure scanner.
- Smart service recognition with multiple services: Nessus recognizes an FTP server running on a non-standard port. This was the first tool to have this facility. If a host runs the same service twice or more, Nessus scans all of them.
- Full SSL support and non-destructive: this tool has the ability to scan SSL services such as https, imaps, smtps and more. Nessus can integrate with a PKI environment; Nessus was the first scanning tool with this feature. Nessus gives the tester the option to perform a regular non-destructive security audit.

Packet Manipulation and Password Cracking Tools

Exploitation Tools

Metasploit Framework

The Metasploit framework is both a penetration testing system and a development platform for creating security tools and techniques. The framework comprises tools, modules, libraries and user interfaces. It is used for network security: network security professionals use it to conduct penetration tests, system administrators to verify patch installation, product vendors to perform regression testing, and security researchers world-wide. This tool offers valuable information and tools for penetration testers and security researchers. The Metasploit framework is written in the Ruby programming language and contains components written in C and assembler. The basic function of this tool is a module launcher, which allows the user to configure an exploit module and launch it against the target system.
Metasploit is very user friendly for the penetration tester conducting the test and gives full network penetration testing capabilities. Metasploit is an open source framework and the largest combined public database of exploits.

Security Forest Exploitation Framework

Limitations of Penetration Testing

Penetration testing will not identify all vulnerabilities because normally the test is carried out as a black box exercise. A penetration test does not provide information about new vulnerabilities, that is, weaknesses identified after the test. The penetration tester may not have sufficient information about the system. Compared with vulnerability assessments, a penetration test is not the complete way to identify weaknesses, because a vulnerability assessment can identify more issues than a penetration test through a diagnostic review of all systems and all servers. A penetration test does not have much time to evaluate and identify vulnerabilities, and it is only a snapshot of an organization and its network security.

Conclusion

The scope of penetration testing should be increased. The time period of penetration testing is very limited; if the time limit is increased, the testing team can identify more issues and better protect the network security of the organization. Further action needs to be taken against the vulnerabilities identified as a result of the penetration test.

Penetration Testing Definitions

A penetration test is a method to assess the organization's data security system in a dynamic way. The information security system of the organization is tested to identify any security issues. In its other form, a penetration test is a theoretical or paper-based audit.

What is a Penetration Test?

A penetration test is a sequence of actions to find and exploit security weaknesses in systems. A penetration test naturally involves a group of people financed by the organization, the Department of Internal Audit or the IT department to conduct the test.
Penetration test team members attempt to exploit vulnerabilities in the organization's system security using the tools and techniques of penetration testing. The goal of the testing team is to find security weaknesses under controlled circumstances so that the vulnerabilities can be eliminated before unauthorised users exploit them. Penetration testing is an authorised activity that reproduces the activities of hackers (unauthorised users).

A penetration test is a better way to find the security weaknesses that exist in a network or system. The penetration test results increase the awareness of management and assist them in important decision-making processes. Management can find their system security weaknesses by conducting a penetration test in their organization. The penetration test differs depending on the organization, and the time frame of the test depends on the type of test. If the penetration test is conducted badly, it can have serious costs such as system crashes and congestion. The organization needs to give active consent to this test while it is being conducted or performed.
