Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.

Similar documents
INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

Vulnerability Assessment and Penetration Testing


PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Vinny Hoxha Vinny Hoxha 12/08/2009

Penetration Testing. Presented by

Security Certifications. Presentatie SecCert 101 Jordy Kersten MSc., ISC2 Ass., CEH, OSCP

Kerem Kocaer 2010/04/14

WHITEPAPER. Nessus Exploit Integration

Penetration Testing Workshop

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Penetration Testing with Kali Linux

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Application Security Testing

Network Security Audit. Vulnerability Assessment (VA)

Bust a cap in a web app with OWASP ZAP

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Professional Penetration Testing Techniques and Vulnerability Assessment ...

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

Audience. Pre-Requisites

CRYPTUS DIPLOMA IN IT SECURITY

Learn Ethical Hacking, Become a Pentester

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Client logo placeholder XXX REPORT. Page 1 of 37

June 2014 WMLUG Meeting Kali Linux

Vulnerability analysis

locuz.com Professional Services Security Audit Services

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Penetration Testing 2014

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Certified Ethical Hacker (CEH)

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Healthcare Information Security Governance and Public Safety II

How To Perform An External Security Vulnerability Assessment Of An External Computer System

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

CEH Version8 Course Outline

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

Web App Security Audit Services

SECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING. Presented by: Dave Kennedy Eric Smith

Demystifying Penetration Testing

(WAPT) Web Application Penetration Testing

PENTEST. Pentest Services. VoIP & Web.

A Study on the Security aspects of Network System Using Penetration Testing

Conducting Web Application Pentests. From Scoping to Report For Education Purposes Only

IDS and Penetration Testing Lab ISA 674

CYBERTRON NETWORK SOLUTIONS

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Certified Cyber Security Expert V Web Application Development

Department of Computer Science and Technology, UTU 2014

Information Security. Training

Profiling Campus Network using Network Penetration Testing

IDS and Penetration Testing Lab ISA656 (Attacker)

PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP

Evaluation of Penetration Testing Software. Research

Web Application Security

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Penetration Testing Report Client: Business Solutions June 15 th 2015

by Penetration Testing

Web Application Vulnerability Testing with Nessus

Aiming at Higher Network Security Through Extensive Penetration Tests

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Course Title: Course Description: Course Key Objective: Fee & Duration:

NETWORK PENETRATION TESTING

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

McAfee Certified Assessment Specialist Network

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Using Nessus In Web Application Vulnerability Assessments

Web security. Live hacking demo. Rick van Tol Arthur Donkers Paul van Maaren Eilko Bos.

Penetration Testing - a way for improving our cyber security

Ethical Hacking Agreement for External Network Security Unannounced Penetration Test

Web application testing

Attack and Penetration Testing 101

Pentests more than just using the proper tools

Pentests more than just using the proper tools

Penetration Testing. Security Testing

Rational AppScan & Ounce Products

Security Products Development. Leon Juranic

ensuring security the way how we do it

Penetration Testing Service. By Comsec Information Security Consulting

Penetration Testing. What Is a Penetration Testing?

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Ed Ferrara, MSIA, CISSP Fox School of Business

MatriXay WEB Application Vulnerability Scanner V Overview. (DAS- WEBScan ) The best WEB application assessment tool

INFORMATION SECURITY TESTING

Penetration Testing //Vulnerability Assessment //Remedy

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Penetration Testing in Romania

EC-Council Certified Security Analyst (ECSA)

Literature Study of Penetration Testing

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

SERENA SOFTWARE Serena Service Manager Security

Ethical Hacking and Attack Tools

Transcription:

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011

Course Goals Highlight modern network and system security complexity Importance of conducting security tests Penetration testing systematic methodology applicable both to amateurs & professionals Tools arsenal Open/Close/Free/Commercial Motivation to adopt security procedures and response teams to your working environments

Overview Introduction Definition Purpose Methodology Live Demo Conclusions

Introduction Information & Communication Technology Security

Introduction Modern enterprise infrastructures adopt: Multilayer network architectures Scalable web services Custom applications Heterogeneous server platform environments Complex architectures result in large security demands

Introduction

Introduction Attackers have formed teams and formulated their hacking procedures

Introduction Most companies & institutes adopt just an up-to-date security policy Take into faith that vendor s fixes will keep their systems safe This approach is not adequate for a truly proactive security planning

Introduction What about mis-configured settings or network infrastructure design flaws? Do ICT Security administrators really know whether and where they are vulnerable? Are managers and administrators willing to pay the cost?

Aiming to Higher Security Levels Penetration Testing == Ethical Hacking

What is Penetration Testing? Systematic probing of a system to find vulnerabilities that an attacker could exploit System: computer/server, application, network device, smart card, rfid etc. Emphasis on how deep one can get into a system Must not be confused with audits

Pen-testing Classes What kind of attack does the organization want to simulate? Black-Box: No (or little) knowledge about the systems -> external attacker White-Box: Complete knowledge about the systems -> internal attack

Why pen-testing? Find vulnerabilities and fix them Test systems before going on-line Locate employees naïve or intentional changes Train & test organization s ICT response and incident handling teams Marketing

Methodology PLANNING DISCOVERY EXPLOIT REPORTING

Planning Define the scope Sign management approvals, documents and agreements (like NDA) Define a strategy taking into account all the limitations: Time Legal restrictions Down-time

Discovery Knowing is half the battle Information gathering phase As much as possible Further categorized to: Footprinting Non-intrusive Scan & Enumeration Intrusive Vulnerability Analysis Both

Discovery -> Footprinting Searching the internet and querying public repositories. Whois databases Domain registrars Mailing lists Public documents Social Networking Text dump sites

Discovery -> Footprinting -> Tools Maltego: Information Reconnaissance Toolkit

Discovery -> Footprinting -> Tools File metadata enumeration Metagoofil python script FOCA Windows Tool

Discovery -> Footprinting -> Tools Text dump sites (pastebin, pastie etc) Pastenum ruby script

Discovery -> Scanning & Enumeration Active probing the target systems Open/filtered ports Running services Mapping router/firewall rules Identify OS details Enumerate network devices Mapping internal network architecture

Discovery -> Scanning & Enumeration -> Tools NMAP : Open source network mapper

Discovery -> Scanning & Enumeration -> Tools SNMP Enumeration./snmpenum.pl 192.168.146.13 public cisco

Discovery -> Vulnerability Analysis Find possible vulnerabilities existing in target systems Search in security databases: mailing lists, blogs, advisories etc. Application scanners: buffer overflows, SQL injections, XSS, cookie manipulation etc. Fuzzing (may discover unidentified vulnerabilities) Web application assessment proxy

Discovery -> Vulnerability Analysis -> Tools Nessus: Vulnerability Scanner

Discovery -> Vulnerability Analysis -> Tools Nikto: Web Server Vulnerability Assessment

Exploiting Let the party begin Use gathered information to attack target systems Case dependant: Targeting the actual system or launch attacks into a simulated lab Prior exploits testing and take all necessary precautions

Exploiting DISCOVERY Gaining Access Privilege Escalation System Browsing Install Add. Software Successful exploit might not lead to root access Pivoting through targeted systems

Exploiting -> Tools Metasploit: Exploitation Framework

Exploiting -> Tools Core Impact: Full Pen-Testing Platform

Reporting Paperwork headache Most important phase They pay you for these final documents Keep in mind both Management & Technical aspects Clear and precise documentations are important for a successful penetration test

Demo Enough with the theory. Live Demo Time!

Conclusions Modern ICT infrastructures have large and more difficult than ever security demands Penetration Tests are a vital component of a comprehensive security policy Rapid changes in ICT security -> Regularity Learn to be proactive in order to prevent catastrophic hacking attacks & data leakage

Conclusions And always remember

Thank You! Questions

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information