Vinny Hoxha Vinny Hoxha 12/08/2009

Transcription

1 Ethical Hacking and Penetration Testing Vinny Hoxha Vinny Hoxha 12/08/2009

2 What is Ethical Hacking? Types of Attacks Testing Approach Vulnerability Assessments vs. Penetration Testing Testing Methodology Live Demo Conclusions Agenda

3 Art and Science of determining the extent to which an attacker might exploit the vulnerabilities that reside within your network. Should be performed by highly hl skilled and ethical security professionals. What is Ethical Hacking

4 Full penetration testing Denial of Service Theft or disclosure Social engineering Everything is fair game. Create a DoS on the network. Concerned about specific data. Exploit people. Types of Attacks

5 Black Box The penetration tester has no knowledge of the network being testing. White Box Penetration ti tester t has full knowledge of the network, company and systems being tested. Gray Box Combination of the black and white box testing. ti The tester t has some knowledge of the network. Testing Approach

6 Reconnaissance Scanning Service Enumeration Vulnerability Assessment Penetration and Access Pi Privilege il Escalation Expanding Access and Erasing Tracks OSSTMM Open Source Security Testing Methodology Manual NIST SP National Institute of Standards and Technology ISSAF Information Systems Security Assessment Framework Testing Methodology

7 First step in the penetration test Gather data and information about the target company and network. Gather data from the company website Job openings and IT requirements American Registry for Internet Numbers (ARIN) whois Google searches Goolag Reconnaissance

8 Determine the hosts s that are live on the network. Check for open ports and services running on those systems. Consistent scans will be detected by firewalls and Intrusion Detection ti and Prevention systems. Nmap, Superscan, Nessus, GFI LanGuard Scanning

9 Determine the types of systems s that are running on the network. Determine the services running on the systems. Determine the version of a given service. Nmap, LanSpy, Nessus, GFI LanGuard Service Enumeration / Fingerprinting

10 Vulnerability assessments s make use of automated tools to identify vulnerabilities and weaknesses within the network. No testing is done during a vulnerability assessment. Penetration ti testing ti makes full use of the vulnerabilities identified during the vulnerability assessment phase and tries to exploit those vulnerabilities. Vulnerability Assessments vs. Penetration Testing

11 Discover the vulnerabilities that exist within each system identified within the network. LanGuard Vulnerability Scanner Nessus Vulnerability Scanner Saint W3AF Paros Proxy SolarWinds Vulnerability Assessment

12 Identify well known exploits for the vulnerabilities discovered. Develop new exploits for new vulnerabilities or custom systems and applications. Penetrate systems based on the exploits identified. Metasploit Framework Cain & Abel John the Ripper Penetration and Access

13 Gain administrative a access to the system. Take full control of the system. Metasploit Framework Privilege Escalation

14 Rootkits can be used to maintain a and expand access. Key loggers can be used to expand access. Delete log files, reset permissions and remove any tools used during the attack. m Expanding Access and Erasing Tracks

15 Nmap Scanner Demo Nessus Vulnerability Scanner Demo Metasploit Meterpreter Demo Metasploit VNC Demo Web Vulnerabilities Demo Live Demo

16 Ethical hacking can identify vulnerabilities before they are exploited. Can be used as an effective preventative measure. Any penetration test should always include a vulnerability remediation phase. Be proactive, know your environment, your weaknesses and the capabilities of your enemy. Conclusions

17 Ethical Hacking and Penetration Testing Vinny Hoxha, CISSP, CISA 12/8/2009 Questions?