Penetration Testing 2014

Size: px
Start display at page:

Download "040020305-Penetration Testing 2014"

Transcription

1 Comprehensive Questions/Practical Based : Penetration Testing Demonstrate the installation of BackTrack using Live DVD. Also list all the steps. 2. Demonstrate the installation of BackTrack in your machine by installing it to hard disk. List all the steps for it. 3. Install BackTrack using portable method. Also list the steps carried out during the process. 4. According to you which security testing methodology among OSSTMM and ISSAF is better? Give your views supporting your justification. 5. Among OWASP and WASC-TC, which security method has more benefits and features? How can you differentiate both of them? 6. What are your views for cost analysis and resource allocation in context to preparing the test plan for target scooping? Is it necessary? Justify your answer giving one example. 7. Implement dnswalk, dnsenum, dnsmap, dnsrecon in your machine and differentiate each one of them giving two points. 8. Implement any ten tools which are used to get network routing information. Write the basic purpose also for each one of them. Unit-1: Beginning with BackTrack Short Answer Questions: 1. In which type of BackTrack 4.0 installation in machine is not necessary? 2. Is information gathering a basic tool of penetration testing? Why? 3. How network mapping tool analyse the type of operating system on the target machine? 4. Which tool is used for auditing web application? 5. Can we use privilege escalation without exploiting vulnerabilities? 6. Give two uses of Voice over IP (VoIP) tools. 7. What digital forensics tools do? 8. State any two purposes of using MD5 value. 9. Give one difference of black-box testing and white-box testing in context to their perimeter defences. 10. Who is referred as black-hat? 11. Which tool is used for auditing of wireless network and Bluetooth? 12. Give two differences between vulnerability assessment and penetration testing in context to the intrusive manner of testing security issues. 13. List four security testing methodologies. 14. Write any two key groups of Open Source Security Testing Methodology Manual (OSSTMM). 15. Write two standard security test types of OSSTMM. 16. Which OSSTMM test type follows the rules of penetration testing? 17. What is RAV? Is it necessary for cost analysis? 18. List any two application security risks. 19. How vulnerability assessment helps in the exploitation of weaknesses in the target environment? 20. List three different views to help developers and security auditors to understand Ms. Puja Kadam Page 1

2 the vision of web application security threats presented in WASC-TC. Long Answer Questions: 1. Describe BackTrack 4.0 penetration testing process in detail. 2. Penetration testing is an expensive service when compared to vulnerability assessment. Justify the statement. 3. Analyze the impact of not using unetbootin to download the image directly when creating the BackTrack portable. 4. Explain "Live DVD" method of using BackTrack. 5. Compare and contrast the use of VMWare image and ISO image to install BackTrack in virtual machine 6. Differentiate the installation of portable BackTrack and virtual box giving six points. 7. Discuss the process of VMWare image installation in detail. 8. Conclude the importance of measuring risks during penetration testing. 9. Consider a XYZ company which needs to test the network infrastructure. Which testing methodology that company should follow? Explain that testing method in detail. 10. Write a detailed note on Open Source Security Testing Methodology Manual. 11. How Information Systems Security Assessment Framework (ISSAF) method works? 12. Write working of Open Web Application Security Project (OWASP) Top Ten. 13. What points should be considered for Web Application Security Consortium Threat Classification? 14. Identify the impact of weak encryption algorithm and invalid security certificates applied in OWASP Top Ten. 15. Write a detailed note on BackTrack testing methodology. 16. Validate the significance of understanding the scope of target environment in context to BackTrack testing process. 17. Explain rules of ethics with examples. Give appropriate justification for the same. Fill in the blanks with appropriate answer: 1. is a Live DVD Linux distribution developed specifically for penetration testing. 2. contains tools that can be used to check the live host, fingerprint operating system, application used by the target. 3. Bluetooth and are used to audit wireless networks. 4. can be used to exploit the vulnerabilities found in the target machine. 5. is used for auditing web applications. 6. tool can be used to do digital forensics such as acquiring hard disk image, carving files, and analysing hard disk image. 7. Before installing BackTrack in real machine, you must make sure that the does not contain any useful data. 8. BackTrack 4.0 machine is using as the network connection. 9. is sometimes abbreviated as PenTest. 10. The approach is known as external testing. Ms. Puja Kadam Page 2

3 11. In approach the auditor should be aware of all the internal and underlying technologies used by the target environment. 12. The combination of and penetration testing provides a powerful insight for internal and external security viewpoints. 13. is a process for assessing the internal and external security controls by identifying the threats that pose serious exposure to the organizations assets. 14. The testing does not require any prior knowledge about the target system under OSSTMM methodology. 15. audit is an example of double grey box testing. 16. Red-teaming is an example of testing. 17. defines the set of steps necessary to follow during the test engagement. 18. Test plan concerns the amount of required to assess the security of a target system. 19. Scope definition should clearly define all the entities and the limits imposed to them during security assessment. 20. Test results and must be presented in a clear and consistent order. State whether the below given statements are True or False: 1. BackTrack cannot be used directly from the DVD without installing. 2. Network mapping contains tools that can be used to check the live host. 3. Digital forensics can be used to debug a program or disassemble an executable file. 4. BackTrack can be installed to hard disk. 5. BackTrack 5.0 virtual machine is using NAT as the network connection. 6. The combination of White-Box testing and Black-Box testing is known as Grey- Box testing. 7. The technical perspective of OSSTMM is comprised of only scope, index and vector. 8. In reversal testing, the auditor holds minimum knowledge to assess the target system. 9. Crystal box is an example of Tandem testing. 10. BackTrack cannot be considered as a versatile operating system. 11. Enumerating target deals with identifying the target s network status, operating system and its relative network architecture. 12. Test plan should clearly define all the contractual entities and the limits. 13. Test process defines the set of steps necessary to follow during the test engagement. 14. Target exploitation process coordinates three core areas which involve preexploitation, exploitation and post-exploitation. Unit-2: Target Scoping and Information Gathering Short Answer Questions: 1. What is the advantage of target scoping? 2. Catalogue three phases of target scoping. Ms. Puja Kadam Page 3

4 3. How to gather client s requirement and what is the advantage of it? 4. What do you mean by deliverables assessment form? Give example. 5. List any two steps involved in preparing the test plan. 6. How test process validation is performed? 7. What penetration testing contract contains? 8. How resource allocation works in the context of test plan preparation? 9. What is cost analysis? 10. Give the task performed by DNS information. 11. What is NDA in context of test plan preparation? 12. State four rules of engagement. 13. Write two technology limitations in context of profiling test boundaries. 14. How public resources are useful in information gathering? 15. What is passive information gathering? 16. Write the task performed by Metagoofil tool. Long Answer Questions: 1. Describe the phase of penetration testing in which the scope is to be identified. 2. Estimate the relationship between customer requirements form and deliverable assessment forms. 3. Discuss the basic steps for client requirement gathering with the help of customer requirement form. 4. Upto what extent test plan preparation is significant? Justify your answer. 5. Give the significance of questions for test plan checklist. 6. Explain profiling test boundaries. 7. Compare and contrast dnsmap and dnswalk for collecting DNS information. 8. Explain public resource for information gathering. 9. Discuss any three tools of passive information gathering. 10. Identify the role performed by Dradis acting as a central repository for information to keep track of what is done and what still needs to be done. 11. Describe six tools for DNS information. 12. Elucidate route information tools in detail. 13. Explain utilization of search engine for requirement gathering. 14. Write short note on All-in-one intelligence gathering. 15. Analyze the impact of limited knowledge of auditor for pentesting. 16. Explain the working of any five trace tools. 17. Validate the significance of term cost analysis in context to preparing the test plan. 18. What is goorecon and theharvester? Explain its usage. 19. Upto what extent project management tools help in project management and scheduling? Justify your answer. 20. Reconstruct the steps in sequential order for defining the business objectives before performing penetration testing. 21. What are Maltego and Dradis? Explain the task performed by them. 22. Create a scenario where dmitry can be considered as an all-in-one information gathering tool. Fill in the blanks with appropriate answer: Ms. Puja Kadam Page 4

5 1. is defined as an empirical process for gathering target assessment requirements and characterizing each of its parameters to generate a test plan. 2. Gathering requirements deals with accumulating information about the target environment through verbal or written communication. 3. boundaries determine the limitations associated with the penetration testing assignment. 4. Defining objectives is a process of aligning business view with technical objectives of the penetration testing program. 5. Project management and directs every other step of the penetration testing process with a proper timeline for test execution. 6. A can be any subject who is legally and commercially bounded to the target organization. 7. It is the duty of to verify the identity of the contracting party before taking any further steps. 8. Managing the project requires a thorough understanding of all the individual parts of the scope process. 9. The is defined as a piece of work undertaken by the penetration tester. 10. is a tool that utilizes the Google search engine to get metadata from documents available in the target domain. 11. The dnswalk can be used to find out information about the complete list of. 12. A is a mechanism used to replicate a DNS database from a master DNS server to another DNS server. 13. The tool can be used to brute force sub domains from a target domain. 14. is a tool that can be used to passively trace the network route between the penetration tester and the target device. 15. The is an all-in-one information gathering tool. 16. The itrace is a tool that has trace route functionality, but uses an echo request. 17. The tool is similar to itrace, but instead of using ICMP ECHO it uses TCP SYN packet. 18. The tool is an accounts, username, and hostname/subdomain gathering tool. 19. Maltego is an open source intelligence and application. 20. is a web application that acts as a central repository for information to keep track of what has been done and what still needs to be done. State whether the below given statements are True or False: 1. Target discovery is a process for gathering target assessment requirements and characterizing each of its parameters to generate a test report. 2. Project management and scheduling directs each and every step of the testing process with a proper timeline for test execution. 3. Gathering requirements from clients depends on different sets of variables. 4. A client can be any subject who is legally and commercially bounded to the target Ms. Puja Kadam Page 5

6 organization. 5. Number of servers, workstations and network devices are required to be considered while filling the customer requirement form. 6. Only employee and shareholders are responsible for delivering assessment forms. 7. Resource allocation is an important key variable for preparing the test plan. 8. The cost of penetration testing depends only on the technology used. 9. NDA needs to be signed before starting the test process. 10. The resource can be a person involved in the security assessment or an ordinary source. 11. Information gathering is the first phase in the penetration testing process. 12. Metagoofil supports documents such ad spreadsheet (xls, ods). 13. Extra names and sub domains utilizing the Google search engine can be done using dnsenum tool. 14. The dnsmap tool uses an approach similar to that of dnswalk and dnsenum. 15. In dnsmap-bulk, the domains text file should contain each domain in a separate file. 16. Otrace is a shell script that is able to obtain the route information of a network device protected by a stateful inspection firewall. 17. Host information can be gathered from Netcraft.com using dmitry tool. 18. The itrace will receive a SYN/ACK packet if the port is open. 19. Maltego is a non open source intelligence and forensic application. 20. In Maltego, personal group contains only OPEN-AP, Unknown-AP, WPA-AP and WPA2-AP. Unit-3: Target Discovery and Enumerating Short Answer Questions: 1. What is the purpose of target discovery process? 2. In BackTrack OS, where can we find target discovery tools? 3. Which tools are included in identifying the target machine process? 4. What is ping? How it works? 5. Give one difference between arping and arping2. 6. What is the discrepancy between hping3 and hping2? 7. Write the task performed by onesixtyone. 8. Is OSfingerprinting an important part for target discovery? 9. How xprobe2 tool works? 10. List two port states that are recognized by Nmap. 11. Write Nmap command that supports IPv4 address specification, TCP scan options and UDP scan options. 12. List two Nmap output options. 13. What is the purpose of Unicornscan? 14. What is Service enumeration? Why is it necessary for vulnerability assessment? Long Answer Questions: 1. Describe VPN enumeration in detail. Ms. Puja Kadam Page 6

7 2. Choose the tools that help to find out the target machines operating system. How can these tools be useful for target discovery? 3. Explain genlist and fping tool. 4. Discuss Netifera tool in detail giving an appropriate example. 5. Give significance of TCP header and UDP header. Also state the basic difference giving four points. 6. Compare and contrast nbtscan and nping with the help of commands. 7. How service enumeration is critically important for vulnerability management? 8. Estimate the relationship of target discovery with enumerating target. 9. Give diagrammatic representation of TCP and UDP header. 10. Conclude the importance of OSfingerprinting. How can it be resolved if any issues occur? Fill in the blanks with appropriate answer: 1. Stealth technique can also be applied for testing functionality. 2. The tool is the most famous tool to check whether a particular host is available. 3. The ping tool works by sending a packet to the target host. 4. The is used to ping a destination host in the LAN using ARP request. 5. The tool can be used to send an ARP and/or ICMP request to the target host. 6. The fping tool is used to send a ping request to several at once. 7. The tool can be used to get a list of hosts that respond to the ping probes. 8. The hping2 can be used to send packets and display replies from the target. 9. The tool works passively listening for any activities on the network. 10. The can be used to scan IP address for the NetBIOS name information. 11. The onesixtyone can be used as a scanner to find out if the SNMP string exists on a device. 12. and are the two methods for doing OSfingerprinting. 13. Active method of OSfingerprinting was pioneered by. 14. The tool is a tool used to fingerprint an operating system passively. 15. is a process used to find and collect information on ports and services available on the target environment. 16. can be defined as a method to determine TCP and UDP ports that are open on the target machines. 17. is a graphical based network scanning tool that can be used to find live hosts on a network. 18. is a popular VPN solution for connecting the branch office to the head office s LAN. 19. is a security tool that can be used to discover, fingerprint, and test IPSec VPN systems. 20. is a network security tool and also a modular platform to develop network security tools. Ms. Puja Kadam Page 7

8 State whether the below given statements are True or False: 1. The only purpose of target discovery is to find out underlying operating system that is used by the target machine. 2. OSfingerprinting is one of the sub menu of Network Mapping. 3. Stealth technique cannot be applied for IDS or IPS functionality. 4. The ping tool is used to ping a destination host in the LAN using the ARP. 5. #arping will display all the arping options with their descriptions. 6. The arping2 is used to send a ping request to several hosts at a one glance. 7. #genlist is used to get a list of hosts that respond to the ping probes. 8. hping2 tool supports TCP, UDP, ICMPand RAW-IP protocols. 9. The lanmap tool works by actively listening for any activities on the network. 10. nbtscan will produce a report which contains the IP address, NetBIOS computer name and service available. 11. pof can identify an operating system on machine you connect to (SYN+ACK mode). 12. Pot scanning is a method used to find and collect information on ports and services available on the target environment. 13. Network services usually use TCP or UDP for exchanging data in context of port scanning. 14. The source port and destination port each have a length of 16bits. 15. Rsvd is reserved for future use and is a 4 bit field and must be zero. 16. AutoScan is a non-graphical based network scanning tool that can be used to find live hosts on a network. 17. Filtered means that Nmap can t determine whether the port is open because there is a packet filtering device blocking the probe to reach the target. Ms. Puja Kadam Page 8

by Penetration Testing

by Penetration Testing BackTrack 4: Assuring Security by Penetration Testing Master the art of penetration testing with BackTrack Shakeel Ali Tedi Heriyanto rpafktl Pen I I llv. I\ 1 J community expe PUBLISHING- - BIRMINGHAM

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

NETWORK SECURITY WITH OPENSOURCE FIREWALL

NETWORK SECURITY WITH OPENSOURCE FIREWALL NETWORK SECURITY WITH OPENSOURCE FIREWALL Vivek Kathayat,Dr Laxmi Ahuja AIIT Amity University,Noida vivekkathayat@gmail.com lahuja@amity.edu ATTACKER SYSTEM: Backtrack 5r3( 192.168.75.10 ) HOST: Backtrack

More information

Department of Computer Science and Technology, UTU 2014

Department of Computer Science and Technology, UTU 2014 M.Sc. (CA) Semester 3 Course Name & Code: Penetration Testing (040020305) Tedi Heriyanto, Shakeel Ali, BackTrack 4: Assuring Security By Penetration Testing, Shroff/Packt Publishing is abbreviated as ST,

More information

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Learn Ethical Hacking, Become a Pentester

Learn Ethical Hacking, Become a Pentester Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,

More information

Healthcare Information Security Governance and Public Safety II

Healthcare Information Security Governance and Public Safety II Healthcare Information Security Governance and Public Safety II Technical Track Seminar Agenda 8/26/2009 1 Vulnerability Assessment, Vulnerability Management and Penetration Testing PART 1 9:00 10:30 Anatomy

More information

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS 1 LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS Te-Shun Chou and Tijjani Mohammed Department of Technology Systems East Carolina University chout@ecu.edu Abstract

More information

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie An Introduction to Nmap with a Focus on Information Gathering Ionuț Ambrosie January 12, 2015 During the information gathering phase of a penetration test, tools such as Nmap can be helpful in allowing

More information

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts. Scanning Tools The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This paper will look at some of

More information

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee. Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern

More information

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Professional Penetration Testing Techniques and Vulnerability Assessment ... Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment

More information

June 2014 WMLUG Meeting Kali Linux

June 2014 WMLUG Meeting Kali Linux June 2014 WMLUG Meeting Kali Linux "the quieter you become, the more you are able to hear" Patrick TenHoopen Kali Linux Kali Linux is a free and open source penetration testing Linux distribution designed

More information

1. LAB SNIFFING LAB ID: 10

1. LAB SNIFFING LAB ID: 10 H E R A LAB ID: 10 SNIFFING Sniffing in a switched network ARP Poisoning Analyzing a network traffic Extracting files from a network trace Stealing credentials Mapping/exploring network resources 1. LAB

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

EC-Council. CAST 611v3 Advanced Penetration Testing CENTER FOR ADVANCED SECURITY TRAINING CAST

EC-Council. CAST 611v3 Advanced Penetration Testing CENTER FOR ADVANCED SECURITY TRAINING CAST EC-Council CAST 611v3 Advanced Penetration Testing CAST CENTER FOR ADVANCED SECURITY TRAINING What is CAST (Center for Advanced Security Training)? With the speed at which the information security landscape

More information

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE: PENETRATION TESTING A SYSTEMATIC APPROACH INTRODUCTION: The basic idea behind writing this article was to put forward a systematic approach that needs to be followed to perform a successful penetration

More information

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical

More information

How-to: DNS Enumeration

How-to: DNS Enumeration 25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS

More information

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security 560.2. Sans Mentor: Daryl Fallin

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security 560.2. Sans Mentor: Daryl Fallin Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing SANS Security 560.2 Sans Mentor: Daryl Fallin http://www.sans.org/info/55868 Copyright 2010, All Rights Reserved Version 4Q10

More information

Client logo placeholder XXX REPORT. Page 1 of 37

Client logo placeholder XXX REPORT. Page 1 of 37 Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company

More information

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat. 1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, juaorteg@uat.edu 1 Juan Ortega, juaorteg@uat.edu 2 Document Properties Title Version V1.0 Author Pen-testers

More information

Host Discovery with nmap

Host Discovery with nmap Host Discovery with nmap By: Mark Wolfgang moonpie@moonpie.org November 2002 Table of Contents Host Discovery with nmap... 1 1. Introduction... 3 1.1 What is Host Discovery?... 4 2. Exploring nmap s Default

More information

Additional Information: A link to the conference website is available at: http://www.curtin.edu.my/cutse2008/index.html

Additional Information: A link to the conference website is available at: http://www.curtin.edu.my/cutse2008/index.html Citation: Veeramani, S. and Gopal, Lenin. 2008. Network monitoring tool, in Curtin University of Technology (ed), Curtin University of Technology Science and Engineering International Conference CUTSE

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

The Nexpose Expert System

The Nexpose Expert System Technical Paper The Nexpose Expert System Using an Expert System for Deeper Vulnerability Scanning Executive Summary This paper explains how Rapid7 Nexpose uses an expert system to achieve better results

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

IDS and Penetration Testing Lab ISA656 (Attacker)

IDS and Penetration Testing Lab ISA656 (Attacker) IDS and Penetration Testing Lab ISA656 (Attacker) Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible

More information

Penetration Testing. Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014

Penetration Testing. Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014 Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014 Part one: the concept of penetration testing 2 What is a penetration test?(informal) Port scanning Vulnerability Scanning

More information

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005 Firewall Testing Cameron Kerr Telecommunications Programme University of Otago May 16, 2005 Abstract Writing a custom firewall is a complex task, and is something that requires a significant amount of

More information

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security

More information

Kerem Kocaer 2010/04/14

Kerem Kocaer 2010/04/14 Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

TESTING OUR SECURITY DEFENCES

TESTING OUR SECURITY DEFENCES INFOSECURITY WITH PLYMOUTH UNIVERSITY TESTING OUR SECURITY DEFENCES Dr Maria Papadaki maria.papadaki@plymouth.ac.uk 1 1 Do we need to test our defences? Can penetration testing help to improve security?

More information

Detection of illegal gateways in protected networks

Detection of illegal gateways in protected networks Detection of illegal gateways in protected networks Risto Vaarandi and Kārlis Podiņš Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia firstname.lastname@ccdcoe.org 1. Introduction In this

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

Firewalls. Chien-Chung Shen cshen@cis.udel.edu

Firewalls. Chien-Chung Shen cshen@cis.udel.edu Firewalls Chien-Chung Shen cshen@cis.udel.edu The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective

More information

Build Your Own Security Lab

Build Your Own Security Lab Build Your Own Security Lab A Field Guide for Network Testing Michael Gregg WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XXI xxiii Chapter 1 Hardware and Gear Why Build a Lab? Hackers

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Penetration Testing SIP Services

Penetration Testing SIP Services Penetration Testing SIP Services Using Metasploit Framework Writer Version : 0.2 : Fatih Özavcı (fatih.ozavci at viproy.com) Introduction Viproy VoIP Penetration Testing Kit Sayfa 2 Table of Contents 1

More information

Information Security. Training

Information Security. Training Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

Outline. Outline. Outline

Outline. Outline. Outline Network Forensics: Network Prefix Scott Hand September 30 th, 2011 1 What is network forensics? 2 What areas will we focus on today? Basics Some Techniques What is it? OS fingerprinting aims to gather

More information

Penetration testing: exposure of fallacies 1-14

Penetration testing: exposure of fallacies 1-14 Penetration testing: exposure of fallacies 1-14 Statistics of the vulnerabilities distribution (2014) Network perimeter: 73% 52% 34% Ability to connect third-party equipment without pre-authorization Weak

More information

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN Applicable Version: 10.6.2 onwards Overview Virtual host implementation is based on the Destination NAT concept. Virtual

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

Host Fingerprinting and Firewalking With hping

Host Fingerprinting and Firewalking With hping Host Fingerprinting and Firewalking With hping Naveed Afzal National University Of Computer and Emerging Sciences, Lahore, Pakistan Email: 1608@nu.edu.pk Naveedafzal gmail.com Abstract: The purpose

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Penetration Testing. Presented by

Penetration Testing. Presented by Penetration Testing Presented by Roadmap Introduction to Pen Testing Types of Pen Testing Approach and Methodology Side Effects Demonstration Questions Introduction and Fundamentals Penetration Testing

More information

4. Getting started: Performing an audit

4. Getting started: Performing an audit 4. Getting started: Performing an audit Introduction Security scans enable systems administrators to identify and assess possible risks within a network. Through GFI LANguard N.S.S. this is performed automatically,

More information

Detecting rogue systems

Detecting rogue systems Product Guide Revision A McAfee Rogue System Detection 4.7.1 For use with epolicy Orchestrator 4.6.3-5.0.0 Software Detecting rogue systems Unprotected systems, referred to as rogue systems, are often

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES SECURITY

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Firewall implementation and testing

Firewall implementation and testing Firewall implementation and testing Patrik Ragnarsson, Niclas Gustafsson E-mail: ragpa737@student.liu.se, nicgu594@student.liu.se Supervisor: David Byers, davby@ida.liu.se Project Report for Information

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Freshservice Discovery Probe User Guide

Freshservice Discovery Probe User Guide Freshservice Discovery Probe User Guide 1. What is Freshservice Discovery Probe? 1.1 What details does Probe fetch? 1.2 How does Probe fetch the information? 2. What are the minimum system requirements

More information

Open Source Security Tool Overview

Open Source Security Tool Overview Open Source Security Tool Overview Presented by Kitch Spicer & Douglas Couch Security Engineers for ITaP 1 Introduction Vulnerability Testing Network Security Passive Network Detection Firewalls Anti-virus/Anti-malware

More information

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important Presented By: Holes in the Fence Dave Engebretson, Contributing Technology writer, SDM Magazine Industry Instructor in Fiber and Networking Prevention of Security System breaches of networked Edge Devices

More information

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address Firewall Defaults, Public Server Rule, and Secondary WAN IP Address This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSafe Wireless-N

More information

Lab Objectives & Turn In

Lab Objectives & Turn In Firewall Lab This lab will apply several theories discussed throughout the networking series. The routing, installing/configuring DHCP, and setting up the services is already done. All that is left for

More information

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Managed Broadband Network Services include a high level of end-toend security utilizing a robust architecture designed by

More information

Divide and Conquer Real World Distributed Port Scanning

Divide and Conquer Real World Distributed Port Scanning Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity. Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

VPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink rvandenbrink@metafore.ca

VPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink rvandenbrink@metafore.ca VPNSCAN: Extending the Audit and Compliance Perimeter Rob VandenBrink rvandenbrink@metafore.ca Business Issue Most clients have a remote access or other governing policy that has one or more common restrictions

More information

Description: Objective: Attending students will learn:

Description: Objective: Attending students will learn: Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of

More information

About Firewall Protection

About Firewall Protection 1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

INFORMATION SECURITY TRAINING CATALOG (2015)

INFORMATION SECURITY TRAINING CATALOG (2015) INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,

More information

Course Title: Penetration Testing: Security Analysis

Course Title: Penetration Testing: Security Analysis Course Title: Penetration Testing: Security Analysis Page 1 of 9 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced

More information

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Details: Introduction When computers in a private network connect to the Internet, they physically

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

McAfee SMC Installation Guide 5.7. Security Management Center

McAfee SMC Installation Guide 5.7. Security Management Center McAfee SMC Installation Guide 5.7 Security Management Center Legal Information The use of the products described in these materials is subject to the then current end-user license agreement, which can

More information

Information and Network Security

Information and Network Security Information Technology Information and Network Security Certificate Program Information and Network Security Certificate Program The Information and Network Security Certificate Program helps industry

More information

TCP/IP Concepts Review. Ed Crowley

TCP/IP Concepts Review. Ed Crowley TCP/IP Concepts Review Ed Crowley 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP addressing

More information

Lab 10: Security Testing Linux Server

Lab 10: Security Testing Linux Server Lab 10: Security Testing Linux Server 10.1 Details Aim: Security Assessment and Penetration of a Linux Web Server, using the BackTrack5 Linux Security distribution and some of its security assessment tools.

More information

Web App Security Audit Services

Web App Security Audit Services locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System

More information

SENSITIVE AUSTRALIAN SPORTS COMMISSION ATHLETE MANAGEMENT SYSTEM (AMS) SMARTBASE SECURITY TEST PLAN. Final. Version 1.0

SENSITIVE AUSTRALIAN SPORTS COMMISSION ATHLETE MANAGEMENT SYSTEM (AMS) SMARTBASE SECURITY TEST PLAN. Final. Version 1.0 SENSITIVE AUSTRALIAN SPORTS COMMISSION ATHLETE MANAGEMENT SYSTEM (AMS) SMARTBASE SECURITY TEST PLAN Final Version 1.0 Preconditions This security testing plan is dependent on the following preconditions:

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to protect your network.

More information

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Montgomery College Germantown Campus NW246: Network Defense and Countermeasures Master Course Syllabus

Montgomery College Germantown Campus NW246: Network Defense and Countermeasures Master Course Syllabus Montgomery College Germantown Campus NW246: Network Defense and Countermeasures Master Course Syllabus Course Description: The purpose of this course is to prepare students for Level One of the Security

More information

A Study on The Information Gathering Method for Penetration Testing

A Study on The Information Gathering Method for Penetration Testing 보안공학연구논문지 (Journal of Security Engineering), 제 5권 제 5호 2008년 10월 A Study on The Information Gathering Method for Penetration Testing Adrian Stoica 1) Abstract Information gathering is the initial stage

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information