Effective Penetration Testing Netwerk Guardian LLC

Transcription

1 Effective Penetration Testing Netwerk Guardian LLC Presented by Kevin Pescatello Why it s so important to plan and communicate.

2 Penetration Testing Survey results from professionals in the field state Most tests have 20% failure rate self/peer ave. Poor communication and planning Failure to follow process Little or no documentation Resistance Legal review of contract and Corporate/IT governance Vulnerability Assessing it s not testing

3 Why Penetration Testing 2011 Symantec statistics show corporate breach cost 5.5 million Trojans, worms, end user initiated. Imperva -19% DDoS and SQL Injection Verizon 98% attacks from external agents 98% occurred on servers 58% derived from hacktivist

4 Client X Data Breach

5 Find a Pen That Fits No one Pen Testing group fits all Unique Strengths and Weaknesses Requesting client needs to know Assets + Processes = Requirements What do you really need tested? Industry Security Standard within reach? ISO 27001/2 FISMA compliance NIST SP800-53v3

6 Client X Processes

7 Enabling Events White box with diagrams Manual testing finds more ingress points Good communication plan with limitations Know the effects of tools Documented processes and assets

8 Inhibiting Events Clients view tests as witch hunts resistance Terminology confusion Running unfamiliar tools No documentation

9 Test Objectives Server Availability Core Business Application Availability Confidentiality Workstation Confidentiality

10 Penetration Tests

11 Penetration Test Schedule The following is an estimate for the test plan. It will take one work day or eight (8) hours to complete the following work Time 08:00-08:30 Target Devices and Services Have all identified targets of evaluation documented Obtain and review prioritized list of services 08:30-09:30 Test Operating Systems Use Microsoft Baseline Security Analyzer Use nmapto discover devices banner grabbing Use Nessus to discover vulnerabilities 09:30-10:30 Test Network Devices Use nmap to discover devices and ports Discover services DoS/DDoS Attack 10:30-12:00 Test Core Business Application Armitage and meterpreter used for testing but not successful. 13:00-14:30 Man in the middle: Appendix F: Sample Contract(Con t) Spoofing & Clear text traffic capturing 14:30-17:00 Contingency Testing, Report with Countermeasures Contingency testing in case one or more test open or deny success Provide results in a brief outlining the test and results Provide Countermeasures

12 Reverse TCP Shell -Keylogging

13 Reverse TCP Shell Admin in

14 Reverse TCP Shell Admin in

15 Penetration Test Results Application Server Resilient against mild LAN DDoS Integrity - Data is encrypted IIS Service Resilient Workstation Windows 7 Integrity App data is encrypted Susceptible to MITM Susceptible key logging

16 Countermeasures Summation of Countermeasures 1. NAC Appliance Trustwave 2. Host Based Firewall (Zone Alarms Used) 3. Host based VPN out for secure HTTP 4. Private SSH server

17 Next Steps Security Planning & Management Have documentation started for ISO C&A Known assets and associated risks Keep going for that standard! Security Management Continuous improvement by managing risk Identifying key risks against critical processes Know your strengths and weakness and when to outsource

18 Real Life Application Know that not everything is handed to you Security is a constant struggle KSAs require diligence in practice Penetration testing challenges everyone.

19 References Symantec. (2012) Annual Study -U.S. Cost of a Data BreachRetrievedfrom Imperva. (2012). Hacker Intelligence Initiative, Monthly Trend Report#13. Retrieved from Verizon. (2012) Data breach Investigations Report. Retrieved from

20 Netwerk Guardian LLC Security Effective Penetration Testing Questions?