Introduction To Penetration Testing
Paul Asadoorian, GCIA, GCIH
PaulDotCom Enterprises, LLC
http://pauldotcom.com
Outline
• Why should we perform assessments?
• Security Assessment classifications
• Future of security assessments
Why Hack Yourself?
• Security assessments help organizations to:
• Understand threats for better defense
• Determine risk to make informed IT decisions
• Test incident handling procedures, intrusion detection systems, and other security
• TSA is a good example
Risk = Threat × Vulnerability
“Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.” (NIST SP 800-30)
Assessment Classifications
• Target Identification
• Portscanning
• Vulnerability Scanning
• Penetration Testing
• Web Application Testing
• Client-Side Exploits
• Source Code Auditing
• “Ethical Hacking” Components
Target Identification
• Local scans: use ARP, which finds every host on the segment regardless of firewalling
• Remote tests: probe a short list of common ports and be sneaky (slow, low-volume scans)
• Other sources of target lists: RDP connection history (!), SSH known_hosts files, netstat output, DNS
• Tools
• Nmap - ARP scanning on the local segment (-PR)
• nbtscan - NetBIOS name scanner, fast!
• Cain & Abel - ARP scanner
• SuperScan - Foundstone's Windows port scanner
Portscanning
• Find open ports on a host
• Often includes service and OS fingerprinting
• Tools include Nmap & Nessus
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X
Nmap In The Movies!
Vulnerability Scanning
• Looks at each open port
• Determines the service (and ideally the version) running on it
• Performs further checks to determine whether that service contains known vulnerabilities
• Tools include Nessus and other specialized applications
IT Staff can perform this testing on their own with inProtect
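The three stages just described (port scanning, service fingerprinting, checking the version against known vulnerabilities) chained together in one small script. This is an added example, not code from the slides or from Nmap/Nessus: it runs a TCP connect scan against two throwaway listeners on 127.0.0.1, grabs their banners, and looks the product/version up in a constructed "vulnerability database". The service names, banners and vulnerability entries are made up for illustration.

```python
"""Added example (not from the original slides): connect scan -> banner grab
-> version lookup, against fake services on localhost so it runs offline."""
import socket
import threading

# Constructed sample banners for the throwaway listeners.
FAKE_BANNERS = {
    "ftp": b"220 ExampleFTPd 2.3.4 ready\r\n",
    "ssh": b"SSH-2.0-ExampleSSH_5.1\r\n",
}

# Constructed "vulnerability database": (product, affected version, note).
# Real scanners carry thousands of these; the entries here are hypothetical.
KNOWN_VULNS = [
    ("ExampleFTPd", "2.3.4", "hypothetical backdoored release"),
    ("ExampleSSH", "4.0", "hypothetical authentication bypass"),
]


def start_fake_service(banner: bytes) -> int:
    """Bind an ephemeral localhost port and answer each connection with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def connect_scan(host: str, ports, timeout: float = 2.0) -> dict:
    """Full TCP connect scan: a completed handshake means 'open'.
    Returns {port: banner_text_or_None}; closed/filtered ports are omitted."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:
            s.close()
            continue
        try:
            banner = s.recv(256)  # many services talk first; grab what they say
        except OSError:
            banner = b""
        finally:
            s.close()
        results[port] = banner.decode(errors="replace").strip() or None
    return results


def fingerprint(banner: str):
    """Extract (product, version) from the two banner formats used above.
    Returns None when the banner is not recognised."""
    if banner.startswith("SSH-2.0-"):
        product, _, version = banner[len("SSH-2.0-"):].partition("_")
        return product, version
    if banner.startswith("220 "):  # FTP greeting: "220 <product> <version> ..."
        parts = banner.split()
        if len(parts) >= 3:
            return parts[1], parts[2]
    return None


def check_vulns(product: str, version: str) -> list:
    """Exact-match lookup of product/version in the constructed database."""
    return [note for p, v, note in KNOWN_VULNS if p == product and v == version]


def assess(host: str, ports) -> dict:
    """Scan, fingerprint and vulnerability-check each port; returns a report dict."""
    report = {}
    for port, banner in connect_scan(host, ports).items():
        fp = fingerprint(banner) if banner else None
        report[port] = {
            "banner": banner,
            "service": fp,
            "vulns": check_vulns(*fp) if fp else [],
        }
    return report


if __name__ == "__main__":
    targets = [start_fake_service(b) for b in FAKE_BANNERS.values()]
    for port, info in sorted(assess("127.0.0.1", targets).items()):
        print(port, info)
```

A connect scan completes the handshake and therefore shows up in the target's application logs; Nmap's default SYN scan avoids that but needs raw sockets. The lookup is also deliberately naive: a real scanner adds active checks, because a banner can be edited or backported patches can leave the version string unchanged.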
Penetration Testing
• Takes an identified port and the associated service that contains a known vulnerability
• Uses an exploit to gain unauthorized access to the target system
• Tools include Metasploit, CANVAS, & Core IMPACT
• Without such a framework you are left to find and compile random exploit code yourself
Web Application Testing
• Looks for vulnerabilities in the web applications hosted on the web server
• SQL Injection
• Remote File Include
• Cross-Site Scripting
• Manipulates the application's inputs to gain unauthorized access or data
• Commercial tools include AppScan and WebInspect
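Two of the three bug classes listed above, shown as the vulnerable code beside its fix. This is an added example, not code from the slides or from the commercial tools named: a login query built by string concatenation next to the parameterized version, and an HTML response that reflects a parameter unencoded next to one that encodes it. The user table and in-memory SQLite database are constructed for illustration; Remote File Include is a PHP include() pattern and is not shown here.

```python
"""Added example (not from the original slides): SQL injection and
reflected XSS, vulnerable form beside the hardened form."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    db.commit()
    return db


def login_vulnerable(db, username: str, password: str):
    # The classic mistake: user input becomes part of the SQL text,
    # so quotes and comment markers in the input rewrite the query.
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(db, username: str, password: str):
    # Parameterized query: the driver passes input as data, never as SQL,
    # so the same payloads are compared literally against the column.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def greeting_vulnerable(name: str) -> str:
    # Reflects the parameter straight into the page; <script> executes.
    return "<p>Hello, %s</p>" % name


def greeting_fixed(name: str) -> str:
    # Output encoding turns <, >, &, ' and " into entities: inert text.
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    # Payload 1: tautology in the password field makes the WHERE clause always true.
    print(login_vulnerable(db, "nobody", "' OR '1'='1"))   # alice
    # Payload 2: comment marker in the username field drops the password check.
    print(login_vulnerable(db, "alice'--", "wrong"))       # alice
    print(login_fixed(db, "nobody", "' OR '1'='1"))        # None
    print(login_fixed(db, "alice'--", "wrong"))            # None
    xss = "<script>alert(1)</script>"
    print(greeting_vulnerable(xss))
    print(greeting_fixed(xss))
```

Note why the first payload works: SQL's AND binds tighter than OR, so the vulnerable query becomes (username = 'nobody' AND password = '') OR '1'='1', which matches every row. Parameterization fixes the injection at the source; output encoding has to be applied at every point where data is written into HTML, and the correct encoding depends on the context (element body, attribute, JavaScript, URL).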
Client-Side Penetration Testing
• Attempts to exploit applications on a user's desktop system
• Sends email to the user in the hope that they will click a link or open an attachment
• Requires the user's email address and a server reachable from the client systems
• Core IMPACT is able to automate this testing
Fun to put images on user’s desktops!
Source Code Auditing
• Analyze the source code of applications, looking for vulnerabilities
• Tools include DevInspect and Ounce
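A minimal illustration of what the source-code auditing tools above do at their simplest. This is an added example, not code from the slides, DevInspect or Ounce: it parses Python with the standard `ast` module and flags any `execute()` call whose query argument is assembled at runtime by %-formatting, .format(), an f-string or string concatenation, the pattern behind most SQL injection. The sample source it scans is constructed inline.

```python
"""Added example (not from the original slides): an AST-based finder for
SQL queries built from runtime string formatting."""
import ast

# Constructed input: two calls that should be flagged, one that is clean.
SAMPLE_SOURCE = '''
def lookup(db, user):
    db.execute("SELECT * FROM users WHERE name = '%s'" % user)
    db.execute(f"SELECT * FROM users WHERE name = '{user}'")
    db.execute("SELECT * FROM users WHERE name = ?", (user,))
'''


def _is_dynamic_string(node: ast.AST) -> bool:
    """True if the expression is a string assembled at runtime."""
    if isinstance(node, ast.JoinedStr):                      # f"..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True                                          # "..." % x, "..." + x
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                          # "...".format(x)
    return False


def find_dynamic_sql(source: str) -> list:
    """Return [(line_number, source_snippet)] for every execute() call whose
    first argument is a runtime-built string. Purely syntactic: it does not
    track where the interpolated values came from, so a literal-only
    concatenation is reported too (a false positive a reviewer discards)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute"
                and node.args
                and _is_dynamic_string(node.args[0])):
            findings.append((node.lineno, ast.get_source_segment(source, node)))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, snippet in find_dynamic_sql(SAMPLE_SOURCE):
        print("line %d: dynamic SQL: %s" % (lineno, snippet))
```

Commercial auditors go further with taint tracking (following data from a request parameter to the sink), which is what lets them stay quiet on `"SELECT " + "1"` and still flag a query whose pieces were assembled three functions away; the syntactic check above is the starting point, not the finished tool.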
Ethical Hacking
• Information Gathering
• Social Engineering
• Password Cracking (remote & local)
• War Dialing
• Wireless (WiFi, Bluetooth)
• VoIP, Blackberry, Smartphones, etc...
Future Tactics
• Attacking mobile devices, printers, cameras, access points, wireless routers
• Protocol Attacks (WiMax, Bluetooth, EVDO, GSM)
Assessments must always continue to help analyze risk!
/* End */
• Email: [email protected]
• Web: http://pauldotcom.com - Podcast, Blog, Mailing List, IRC Channel, Wiki