1 Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad
2 Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security evaluation The security situation of the organisation s network/systems need to be evaluated at regular intervals How often do you evaluate the security situation of your network?
4 Pen Test v. VA v. Audit What are the differences between a Penetration Test, a Vulnerability Assessment and an Audit? Many people use this terms interchangeably. There are actually distinct differences.
5 Pen Test v. Vuln Assess v. Audit Audits Auditing compares current practices against a set of standards. Industry groups or security institutions may create those standards. Organizational management is responsible for demonstrating that the standards they adopt are appropriate for their organization
6 Pen Test vs VA vs Audit Assessments An assessment is a study to locate security vulnerabilities and identify corrective actions. An assessment differs from an audit by not having a set of standards to test against. It differs from a penetration test by providing the tester with full access to the systems being tested.
7 Pen Test v. VA v. Audit Pen Test Vulnerability Assessment Audit Initial Info Limited Limited Full Outcome Access to Internal Network List of Vulnerabilities Secure System Location Internal / External Internal/External On System Time Medium Short Long
8 Penetration Testing A set of procedures designed to bypass the security controls of a system or organization Real life test of the organization s exposure to known security threats Performed to uncover the security weakness of a system Focuses on exploiting network and systems vulnerabilities that an unauthorized user would exploit
10 Knowledge Assumptions What kinds of test can be performed? Test should address risks and illustrate: zero knowledge: hacker from Internet knowledgeable: former employee, no access, but understands organization insider: current employee, has legitimate access to IT resources knowledgeable insider: IT person, detailed systems knowledge
11 Penetration Testing - Prerequisites The persons conducting penetration testing should be skilled professionals Security Auditors CERT-In empanelled Security Auditors
13 Penetration Testing - Preparation Rules of Engagement: formal permission for conducting penetration testing prior to starting. This may include: Specific IP addresses/ranges to be tested Any restricted hosts A list of acceptable testing techniques Identification of a finite period for testing IP addresses of the machines from which penetration testing will be conducted so that administrators can differentiate the legitimate penetration testing attacks from actual malicious attacks Points of contact for the penetration testing team, the targeted systems, and the networks Measures to prevent law enforcement being called with false alarms (created by the testing) Handling of information collected by penetration testing team.
15 Penetration Testing - Methodology Teams Red Team attempts to discover vulnerabilities Blue Team simulates normal administration detection of attacks respond to attacks White Team inject workload captures results Note: The team system is only optional We are focusing on functions to be performed by Red Team here
16 Penetration Testing Reconnaissance Objective To collect basic information about the organisation and their network Methodology - collect as much information as possible without actually scanning the target network. - study the webpage, search the Internet about the organisation mailing list archives - Whois queries, reverse DNS Tools Samspade, Smartwhois, Neotrace, traceroute etc.
17 Penetration Testing Foot printing Objective To determine - the operating system platform, version etc., running the webserver, mailserver, clients etc. - applications running Methodology - Conduct various web based queries - TCP Fingerprinting - Target Acquisition
18 Penetration Testing Foot printing Penetration Testing > Foot printing > TCP finger printing Active finger printing sending a crafter packet Passive finger printing capturing packets and analysing probe the TCP/IP stack, because it varies with OSs this information is used to create a fingerprint to determine what type of machine is running Tools Nmap Queso Cheops
19 Penetration Testing Footprinting Penetration Testing > Footprinting > Target acquisition Target Acquisition : Obtain as much information as possible about the target Tools Netcraft Internic database searches - whois queries Dig Route analysis traceroute /
20 Penetration Testing - Scanning Objective - To find out the live hosts of target network, - determine details of operating systems, applications, ports, services running on target network, systems Methodology - Conduct various types of scans - Analyse the results of Target Acquisition - Host Discovery - Port Scanning - Banner Retrieval
21 Penetration Testing - Scanning Penetration Testing > Scanning > Host Discovery Identify which machines to target to determine which machines are alive and responding Tools Tools: - fping, pinger, nmap, hostcount - NetScan Tools - WS_Ping ProPack
22 Penetration Testing - Scanning Penetration Testing > Scanning > Port Scanning Port scans to determine which services are running To find out vulnerable services Port scans can be noisy stealth scanners do not make full TCP connections, making detection difficult Results of different types of scans viz. connect, SYN, FIN, ACK, XMAS, NULL etc are to be correlated Tools strobe, nmap, jakal, netcat, Asmodeus, Cybercop scanner, ISS, NetSonar, WS_Ping ProPack, NetScan Tools
23 Port Scanning Results of nmap Starting nmap V by ( ) Interesting ports on babbage ( ): (The 1515 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 25/tcp open smtp 80/tcp open http 111/tcp open sunrpc 443/tcp open https 662/tcp open unknown 1024/tcp open kdm 3128/tcp open squid-http
25 Penetration Testing - Enumeration Objective To determine various user groups, user accounts and their privileges Methodology Analyse the results of scanning phase, select a server/client system Tools NAT,, Enum, GetAdmin, user2sid
26 Penetration Testing - VA Objective Methodology To find out the vulnerabilities existing in the target network/systems Analyse the results of previous phases Assess the vulnerabilities in the target network/systems Automated Vulnerability scanners Tools Retina, Nessus, ISS
27 Penetration Testing - VA Automated Vulnerability Scanning Tools run against target systems scans a range of IP addresses only looking for known vulnerabilities up to date(?) vulnerability checking can be configured for specific tests Windows modules web server modules UNIX module denial of service modules Tools Retina, Nessus, ISS
28 Vulnerability Scanning Other considerations false positives - verification of scan results some scanners are free scans are noisy, leaving large footprints denial of service attacks may bring down scan target some tests require root/administrator access password grinding may lock accounts
29 Port Scanners Types of tools Single purpose scanners Banner Scan Vulnerability Assessment Suites Nessus SAINT ISS Internet security scanner Others, Retina, Shadow, etc.
30 Port Scanners Types of tools Give a good initial picture of what a host/network looks like Easily bogged down by personal firewalls Most popular: nmap, xprobe2
31 Types of tools Single purpose scanners Tools written to test a specific vulnerability Extremely useful when they are timely The type of scan opportunistic attackers use
32 Types of tools Vulnerability Assessment Suites - Nessus Nessus Open source Quick to add new signatures Used by many consultants Various report formats Allows custom scan checks
33 Types of tools: Vulnerability Assessment Suites - SAINT SAINT One of the first Less complex than Nessus to setup SAINT runs exclusively on UNIX Saint used to be free and open source, but is now a commercial product.
34 Types of tools Vulnerability Assessment Suites ISS ISS Internet security scanner Reasonably up to date Understands different reporting audiences May be priced out of most IT budgets
35 Types of tools Vulnerability Assessment Suites - Others Other Commercial Products Cisco Scanner Network Associates CyberCop Core Impact
36 Actual Penetration - Hacking Perimeter penetration Router vulnerabilities SNMP Solarwinds Firewall vulnerabilities Fragmentation, Spoofing IDS Spoofing, Timing of Scans etc.
37 Actual Penetration - Hacking System hacking Privilege escalation Password cracking DoS
38 Actual Penetration - Hacking Password guessing methods Dictionary attack Brute force attack Hybrid attack Social engineering
39 Hacking : Covering the tracks To see whether the evidence of hacking could be erased Tools: elsave WinZapper
40 Penetration Testing - Conclusion Preparation of Reports Report format - illustrates each step of Pentest carried out - Tools used - Vulnerabilities found - audit trails - Recommended solutions
41 Penetration Testing - Cleanup Follow up on Reports of Penetration Testing Information Security Policy Standards Guidelines Procedures
42 Security Testing Standard OSSTMM Open-Source Security Testing Methodology Manual Version 2.1 at Report format templates: (page 93 to 120) Version 3.0 (to be released) Developed by Pete Herzog, it is a living document on how to perform a penetration test. Defines how to go about performing a pen test, but does not go into the actual tools.
43 References Information Security - Chris Clifton NIST Special Publication : Guideline on Network Security Testing
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
Certified Ethical Hacker (CEH) Course Number: CEH Length: 5 Day(s) Certification Exam This course will help you prepare for the following exams: Exam 312 50: Certified Ethical Hacker Course Overview The
Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
An Introduction to Network- Vulnerability Testing C ONTENTS + Introduction 3 + Penetration-Testing Overview 3 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and
Demystifying Penetration Testing Prepared by Debasis Mohanty www.hackingspirits.com E-Mail: firstname.lastname@example.org Goals Of This Presentation An overview of how Vulnerability Assessment (VA) & Penetration
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
PENETRATION TESTING A SYSTEMATIC APPROACH INTRODUCTION: The basic idea behind writing this article was to put forward a systematic approach that needs to be followed to perform a successful penetration
Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment
1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, email@example.com 1 Juan Ortega, firstname.lastname@example.org 2 Document Properties Title Version V1.0 Author Pen-testers
Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information
INFOSECURITY WITH PLYMOUTH UNIVERSITY TESTING OUR SECURITY DEFENCES Dr Maria Papadaki email@example.com 1 1 Do we need to test our defences? Can penetration testing help to improve security?
Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,
Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security
Penetration Testing Gleneesha Johnson Advanced Topics in Software Testing Fall 2004 Security Testing Method of risk evaluation Testing security mechanisms to ensure that their functionality is properly
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
Security Considerations White Paper for Cisco Smart Storage An open network is like a bank s vault with windows Bill Thomson Network-Attached Storage (NAS) is a relatively simple and inexpensive way to
EC Council Security Analyst (ECSA) Course ID SEC190 Course Description Any computer user needs to know how to protect information assets and securely connect to another system over a network. Security5
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
Stop that Big Hack Attack Protecting Your Network from Hackers Laura Jeanne Knapp Technical Evangelist 1-919-224-2205 firstname.lastname@example.org www.lauraknapp.com NetSec_ 010 Agenda Components of security threats
Network Security Audit Vulnerability Assessment (VA) Introduction Vulnerability Assessment is the systematic examination of an information system (IS) or product to determine the adequacy of security measures.
Network-based vulnerability assessment Pier Luigi Rotondo IT Specialist IBM Tivoli Rome Laboratory Abstract Vulnerability assessment aims at identifying weaknesses and vulnerabilities in a system's design,
CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information
TECHNOLOGY TRANSFER PRESENTS SONDRA SCHNEIDER JOHN NUNES CERTIFIED ETHICAL HACKER TM THE ONLY WAY TO STOP A HACKER IS TO THINK LIKE ONE MAY 21-25, 2007 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
Course: Information Security Management in e-governance Day 3 Session 1: Information Security Audits Agenda Need for information security audit and its objectives Categories of information security audit
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: email@example.com
INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they
Comprehensive Questions/Practical Based :- 040020305-Penetration Testing 2014 1. Demonstrate the installation of BackTrack using Live DVD. Also list all the steps. 2. Demonstrate the installation of BackTrack
A Very Incomplete Diagram of Network Attacks TCP/IP Stack Reconnaissance Spoofing Tamper DoS Internet Transport Application HTTP SMTP DNS TCP UDP IP ICMP Network/Link 1) HTML/JS files 2)Banner Grabbing
IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews
SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character
http://www.ideahamster.org/ Open-Source Security Testing Methodology Manual current version: osstmm.en.0.9.3.x date of current version: Monday, March 23, 2001 date of original version: Monday, December
White Paper Rapid Vulnerability Assessment Report Table of Contents Executive Summary... Page 1 Characteristics of the Associated Business Corporation Network... Page 2 Recommendations for Improving Security...
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
Testing of Network and System Security 1 Testing of Network and System Security Introduction The term security when applied to computer networks conveys a plethora of meanings, ranging from network security
Security Mgt. Tools and Subsystems some attack and defense security tools at work Reconaissance Passive Active Penetration Classes of tools (network-bound) Passive Reconaissance Passively listen and analyze
Hacking: Information Gathering and Countermeasures Presenter: Chin Wee Yung Hacking: Content Hacking terminology History of hacking Information gathering and countermeasures Conclusion What is a Hacker?
Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group firstname.lastname@example.org 1 (604) 961-0701 If you know the enemy and know yourself, you
Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
Understanding Security Testing Choosing between vulnerability assessments and penetration testing need not be confusing or onerous. Arian Eigen Heald, M.A., Ms.IA., CNE, CISA, CISSP I. Introduction Many
Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing SANS Security 560.2 Sans Mentor: Daryl Fallin http://www.sans.org/info/55868 Copyright 2010, All Rights Reserved Version 4Q10
Firewalls Netasq Security Management by NETASQ 1. 0 M a n a g e m e n t o f t h e s e c u r i t y b y N E T A S Q 1 pyright NETASQ 2002 Security Management is handled by the ASQ, a Technology developed
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
Chapter 6 Phase 2: Scanning War Dialer Tool used to automate dialing of large pools of telephone numbers in an effort to find unprotected THC-Scan 2.0 Full-featured, free war dialing tool Runs on Win9x,
CIS 551 / TCOM 401 Computer and Network Security Spring 2006 Lecture 21 Outline for Today (and Next Time) Containing worms and viruses Detecting viruses and worms Intrusion detection in general Defenses
Penetration Testing Presented by Roadmap Introduction to Pen Testing Types of Pen Testing Approach and Methodology Side Effects Demonstration Questions Introduction and Fundamentals Penetration Testing
Profiling Campus Network using Network Penetration Testing Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering in Software Engineering Submitted
Presented By: Holes in the Fence Dave Engebretson, Contributing Technology writer, SDM Magazine Industry Instructor in Fiber and Networking Prevention of Security System breaches of networked Edge Devices
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
Technical Paper The Nexpose Expert System Using an Expert System for Deeper Vulnerability Scanning Executive Summary This paper explains how Rapid7 Nexpose uses an expert system to achieve better results