Penetration Testing

Penetration Testing: Protecting Networks and Systems

KEVIN M. HENRY
Copyright Date: 2012
Published by: IT Governance Publishing
Pages: 221
https://www.jstor.org/stable/j.ctt5hh74m
    Book Description:

    This book is a preparation guide for the CPTE examination, yet is also a general reference for experienced penetration testers, ethical hackers, auditors, security personnel and anyone else involved in the security of an organization’s computer systems. Key areas covered include: the primary phases of pen testing – reconnaissance, enumeration, vulnerability assessment and the eventual launch of an attack; the preparation of the test report – what information to include in the report and how best to present it to the client; and the introduction of new technology – how it can improve business operations (e.g. employee remote access, wireless communications, public-facing web applications) but, at the same time, create new vulnerabilities.

    eISBN: 978-1-84928-372-4
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. PREFACE
    (pp. 5-5)
  3. ABOUT THE AUTHOR
    (pp. 6-6)
  4. ACKNOWLEDGEMENTS
    (pp. 6-6)
  5. Table of Contents
    (pp. 7-9)
  6. INTRODUCTION
    (pp. 10-11)

    Today’s world runs on technology. Nearly every business benefits from – and relies on – technology in one form or another. The use of technology has brought tremendous advantages to society by making services, features and knowledge more readily available than ever before. We can communicate across the planet (and, in fact, across the universe) in seconds, and can effectively control millions of devices instantly – something we could never have done previously through simple human action.

    The use of technology also, however, presents several risks to society. By using it, we develop a greater reliance on devices that lack...

  7. CHAPTER 1: INTRODUCTION TO PENETRATION TESTING
    (pp. 12-37)

    Penetration testing captures the imagination and sparks the interests of many people. It is part mystery, part challenge, part creativity and part risk. It has the glamour and mystique of doing something on the wild side of life by simulating a criminal act, but without the penalties. Therefore, it is no surprise that many people are drawn to penetration testing and want to know more about what it is, how to do it and, moreover, how they can use it to help protect their systems and defend their networks.

    Protecting the systems and networks of today requires a broad understanding...

  8. CHAPTER 2: PREPARING TO CONDUCT A PENETRATION TEST
    (pp. 38-50)

    Conducting a successful penetration test is a challenge for even the most experienced penetration tester. A penetration test requires perseverance and creativity, as well as a bit of luck. Luck must be earned, however; as Samuel Goldwyn once said, “I make my own luck and the harder I work, the luckier I get.” The pen tester is always best following a clear and structured methodology that will ensure that all possible avenues of attack are explored and no potential vulnerability is overlooked.

    Most pen testers use Linux®-based operating systems for their work. A further explanation of Linux, and some if...

  9. CHAPTER 3: RECONNAISSANCE
    (pp. 51-65)

    Now that the preparatory work has been completed and the testing team knows the scope, authority and rules of engagement for the test, the real pen testing work begins. The first step in conducting a pen test is to get to know the target. The test requires knowledge of client networks, applications, physical facilities, equipment and the people that use, manage and oversee client systems. It must be remembered that a pen test is often much more than just a technical probe of a system or technology. The test may be multifaceted and also examine physical, procedural and administrative controls....

  10. CHAPTER 4: ACTIVE RECONNAISSANCE AND ENUMERATION
    (pp. 66-76)

    Active reconnaissance is the next critical step in the pen testing process. During this step, the pen tester will learn crucial information about the characteristics of the target system (and perhaps even about the administrators’ diligence in monitoring, patching and configuring the systems properly).

    Active reconnaissance is the actual probing of the system to learn how it is configured, what possible points of entry there are for the pen tester and what services or vulnerable points may be found.

    Active reconnaissance may consist of several types of tests, including port scans, operating system fingerprinting, and Transmission Control Protocol (TCP) scanning....

  11. CHAPTER 5: VULNERABILITY ASSESSMENTS
    (pp. 77-93)

    This section is one of the most important areas of concern for the systems, network and database administrators – as well as for the pen tester. Vulnerability assessment is the careful, thorough and diligent review of the target system from all angles and attack vectors. It is through a complete and comprehensive vulnerability assessment (VA) that all the possible means of attack are explored and, from this, the tester will be able to identify all potential attack vectors, potential weaknesses and possible entry points. A pen test without a comprehensive VA is incomplete and will often lead to a false...

  12. CHAPTER 6: HACKING WINDOWS® AND UNIX
    (pp. 94-127)

    Ethical hacking is exploring, learning and discovery. It is the art of questioning, experimenting and persistence. An ethical hacker loves to learn; they are not interested in doing damage or harming another organization or individual, but rather looking for what new things may be found around the corner, under the rock, or beside the pathway. The opposite are criminals or crackers, people that are seeking their own profit, satisfying their ego or exacting revenge. It is important to remember that we should never do anything just to do damage or harm another person or organization. It is good to learn...

  13. CHAPTER 7: LAUNCHING THE ATTACK
    (pp. 128-144)

    The objective of most attackers is to try to take over a compromised system and assume an elevated level of access. One way to accomplish this is to obtain a command line shell that can be used to execute system commands and run malicious code on the compromised system. There are several types of command shells that are used for local or remote access.

    Local shellcode: Local shellcode is used to provide the attacker with access to a local machine that would otherwise restrict the access level of the attacker.

    Remote shellcode: Remote shellcode is used to facilitate an attack...

  14. CHAPTER 8: ATTACKING WEB APPLICATIONS
    (pp. 145-157)

    The Web provides business opportunities that would have been unimaginable only a decade or so ago. Every organization can reach customers globally and provide service, support and communications for clients, employees and business partners – no matter where in the world they are and what time zone they are in. However, the Web is also open for attack 24 hours a day, seven days a week. Attackers can pose a threat to an organization from any country, without ever stepping a foot in the country the organization operates in.

    For the most part, hackers are lazy and will gravitate towards...

  15. CHAPTER 9: PREPARING THE REPORT
    (pp. 158-170)

    The ultimate goal of penetration testing is to help an organization to secure their networks, systems and databases. The pen tester is given the responsibility of providing meaningful information to the client organization, which will enable them to put forward a plan for mitigating any vulnerabilities and developing enhanced security strategies.

    The penetration test report will often include several sections, including a brief summary, a listing of all work done, a detailed list of vulnerabilities found, a ranking of the risk level for each vulnerability, a list of recommendations, and a summary of the tester’s opinion on the overall health...

  16. APPENDIX 1: LINUX
    (pp. 171-172)
  17. APPENDIX 2: ENCRYPTION
    (pp. 173-187)
  18. APPENDIX 3: REGULATIONS AND LEGISLATION
    (pp. 188-194)
  19. APPENDIX 4: INCIDENT MANAGEMENT
    (pp. 195-198)
  20. ADDITIONAL QUESTIONS AND ANSWERS
    (pp. 199-217)
  21. REFERENCES
    (pp. 218-218)
  22. ITG RESOURCES
    (pp. 219-221)