Introduction to network penetration testing

Transcription

1 Introduction to network penetration testing , WrUT BAITSE guest lecture Bernhards Blumbergs, CERT.LV

2 Outline Current IT security trends IT Security principles The need for IT security testing Terminology explained Applicable standards and models Reporting results

3 Current IT security trends

4 Not long time ago... In a galaxy nearby...

5 The story so far... Hacktivism

6 The story so far... Cyber warfare

7 The story so far... Revenge attacks

8 The story so far... Botnets

9 The story so far... Espionage

10

11 The story so far... Ransomware

12 The story so far... WEBapp vulnerabilities

13 The story so far... Phishing

14 The story so far... Application vulnerabilities

15 Critical vulnerabilities Source: NIST National Vulnerability Database

16 The story so far... Exploit kits and drive-by exploits

17 The story so far... Mobile devices and BYOD

18 The story so far... Targeted attacks

19 The story continues... On light side you stay

20 IT security principles

21 IT security principles What is security?

22 IT security principles What is Information Systems and Information Technology security? Information Static / State Dynamic / Process

23 IT security principles Security trade-off Security Expenses Usability Functionality

24 IT security principles Information System perimeter Internet? Information System

25 IT security principles Information System elements Information Users Infrastructure Applications

26 IT security principles Security lifecycle Secure Training Policy Monitor Awareness Audit/Test

27 IT security principles The need for IT security testing Video on «Cyber Security Evolved»

28 IT security principles So what is security?

29 Terminology explained

30 Terminology explained w00t (R1p7 <1D )13 H4XX0r pwned!!!111 all your base are belong to us

31 Terminology explained Attack surface and defense-in-depth FTP HTTP POP3 SMTP LDAP SNMP DNS SSH Information System SMB SQL

32 Terminology explained Weakness A flaw, that leaves asset vulnerable to attack Exposure A point of access to the weakness Vulnerability An instance of the exposure of a weakness Exploit The act of taking advantage of a vulnerability

33 Terminology explained Vulnerability lifecycle 0-Day

34 Terminology explained Threat Potential event endangering a system Risk A probability of threat becoming true Risk management Process of risk assessment and analysis Affect on Confidentiality, Integrity, Availability, Accounting Accept, mitigate, eliminate, transfer

35 Terminology explained Types of hackers Hacktivists Black-hat hackers White-hat hackers Grey-hat hackers Suicide hackers

36 Terminology explained Types of system vulnerability tests Black-box White-box Grey-box Announced and unannounced

37 Network penetration testing models

38 Testing methodology Applicable standards NIST EC-Council, CE H PTES Open Source Security Testing Methodology Manual (OSSTMM) ISO/IEC 17799:2005 and series Payment Card Industry Data Security Standard (PCI DSS)

39 Testing methodology Accepted penetration testing approach NIST PTES CEH Planning Discovery Pre-engagement Interactions Intelligence Gathering Threat Modeling Vulnerability Analysis Reconnaissance Scanning Attack Exploitation Gaining access Post Exploitation Maintaining access Clearing tracks Reporting Reporting Reporting

40 Reporting results Outcome and reporting Meets the predefined scope and goals Answers to the stakeholder s questions or provides basis for decision making Methodological, can be recreated or have proof-of-concept Is well formed and understandable to the stakeholders

41 Reporting results Sample structure of a PT report: Executive summary Scope and objectives Summary of findings and recommendations Methodology used and test execution Detailed findings Appendixes: vulnerability reports, scan results and other technical data

42 Thank you!