BAI514 – Security I: Penetration Testing Overview (presentation transcript)


Slide 1: BAI514 – Security I

Slide 2: Penetration Testing Overview
- Penetration testing is a security testing methodology that gives insight into the target's security posture and the strength of the target's network security

Slide 3: Penetration Testing Overview
- Security snapshot includes:
  - Level I – High-level assessment
    - Top-down look at the organization: policies, procedures, standards, guidelines
    - Not hands on; system security not actually tested

Slide 4: Penetration Testing Overview
- Security snapshot includes (cont.):
  - Level II – Network evaluation
    - Some Level I activities
    - More hands on
    - More information gathering

Slide 5: Penetration Testing Overview
- Security snapshot includes (cont.):
  - Level III – Penetration test
    - Not usually concerned with policies
    - Takes the adversarial view of a hacker
    - See what can be accomplished and with what difficulty

Slide 6: Penetration Testing Overview
- The reason to conduct a penetration test of an organization is the same as the reason to have a security policy: to leverage due diligence and due care in data protection for the preservation of the organization's capital investment

Slide 7: Penetration Testing Overview
- Factors that make penetration testing a necessity:
  - Technology has focused on ease of use at the operational end
  - The skill level required to execute a hacker exploit has steadily decreased
  - The size and complexity of networks and web-based applications has increased
  - The detrimental impact of a security breach on corporate assets and goodwill is greater than ever

Slide 8: Penetration Testing Overview
- Penetration testing is usually carried out in black-box mode
- Penetration testing involves three phases:
  - Preparation phase
    - A formal contract is executed containing nondisclosure of the client's data and legal protection for the tester
    - Scope, timing, depth, etc.
  - Execution phase
    - Testing is executed
    - All vulnerabilities are recorded
  - Delivery phase
    - Results are communicated to the organization
    - Corrective action is advised

Slide 9: Legal and Ethical Implications
- Attacking a network from the outside carries ethical and legal risk to the tester, and remedies and protections must be spelled out in detail before the test is begun
- US Cyber Security Enhancement Act 2002 implicates life sentences for hackers who "recklessly" endanger the lives of others
- US Statute 1030, Fraud and Related Activity in Connection with Computers, states that whoever intentionally accesses a protected computer without authorization and, as a result of such conduct, recklessly causes damage or impairs medical treatment can receive a fine or imprisonment of five to 20 years

Slide 10: Legal and Ethical Implications
- Penetration testers MUST receive specific written permission to conduct the test from the most senior executive possible
- Testers should be specifically indemnified against prosecution for the work of testing

Slide 11: The Three Pretest Phases
- The three pretest phases:
  - Footprinting
  - Scanning
  - Enumerating

Slide 12: The Three Pretest Phases
- Reconnaissance follows seven steps:
  1. Gather initial information
  2. Determine the network range
  3. Identify active machines
  4. Discover open ports and access points
  5. Fingerprint the operating system(s)
  6. Uncover services on ports
  7. Map the network

Slide 13: Penetration Testing Tools and Techniques
- Gather as much information as possible from public sources:
  - Whois
  - Nslookup
  - ARIN
  - Traceroute (tracert)
  - Google

Slide 14: Penetration Testing Tools and Techniques – Port Scanners
- Port scanning is one of the most common reconnaissance techniques used by penetration testers to discover vulnerabilities in services listening on well-known ports
- Tools:
  - Nmap
  - SuperScan
  - SATAN
  - SARA
  - Etc.

Slide 15: Penetration Testing Tools and Techniques – Vulnerability Scanners
- Nessus is a popular open-source network scanner that can run numerous scans
  - Windows GUI available
  - Linux based
- Microsoft Baseline Security Analyzer
  - Free Windows vulnerability scanner
- Retina Network Security Scanner
  - Popular commercial vulnerability scanner
  - Runs on Windows

Slide 16: Penetration Testing Tools and Techniques – Password Crackers
- Three basic types of password-cracking tests:
  - Dictionary
  - Hybrid
  - Brute force
- Common tools:
  - Brutus
  - WebCracker
  - ObiWan
  - Ophcrack
  - John the Ripper
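The three test types on slide 16 are easiest to understand from the defender's side, as a check run when a user sets a password: does the candidate fall to a dictionary lookup, to a hybrid test (a dictionary word with case changes, leet substitutions or a short numeric suffix), or to a brute-force enumeration of a small keyspace? The following is an added example written for this transcript; it is not code from the slides or from any of the tools named. The wordlist, the leet map and the 2^40-guess threshold for "cheap to brute force" are constructed assumptions.

```python
import string

# Constructed stand-in for a real dictionary file (assumption, not from the slides).
WORDLIST = ["password", "letmein", "welcome", "dragon", "monkey"]

# Constructed leet-speak substitution map used by the hybrid test.
LEET = str.maketrans("aeios", "43105")


def hybrid_variants(word):
    """Yield the variants a hybrid test derives from one dictionary word:
    case changes, leet substitutions, and a 1- or 2-digit suffix."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET)}
    for base in bases:
        yield base
        for n in range(100):
            yield f"{base}{n}"
            yield f"{base}{n:02d}"


def brute_force_keyspace(password):
    """Number of candidates a brute-force test must enumerate, assuming the
    attacker knows which character classes are present and the length."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size ** len(password)


def classify(password, wordlist=WORDLIST):
    """Return which of the three test types would recover the password
    ('dictionary', 'hybrid', 'brute-force'), or 'ok' if none does cheaply."""
    if password.lower() in wordlist:
        return "dictionary"
    for word in wordlist:
        if password in hybrid_variants(word):
            return "hybrid"
    # 2**40 guesses is an assumed, arbitrary threshold for "cheap to brute force".
    if brute_force_keyspace(password) < 2 ** 40:
        return "brute-force"
    return "ok"


if __name__ == "__main__":
    for candidate in ["password", "Dragon42", "abc", "Correct-Horse-Battery-9"]:
        print(f"{candidate!r:28} -> {classify(candidate)}")
```

A policy check like this rejects exactly the passwords a tester's dictionary and hybrid runs would find first; the keyspace estimate is only a lower bound on attacker effort, since real crackers also use rules and leaked-password lists far larger than this wordlist.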

Slide 17: Penetration Testing Tools and Techniques – Trojan Horses
- A program that performs unknown and unwanted functions
- An unauthorized program contained within a legitimate program
- A legitimate program that has been altered by the placement of unauthorized code within it
- Any program that appears to perform a desirable and necessary function but does something unintended

Slide 18: Penetration Testing Tools and Techniques – Trojan Horses (cont.)
- Transmitted in several ways:
  - Email attachments
  - Freeware
  - Physical installation
  - IRC chat
  - Infected websites
  - Cracked/pirated software
- Unlike worms, trojans don't self-replicate

Slide 19: Penetration Testing Tools and Techniques – Trojan Horses (cont.)
- Types of Trojans:
  - Remote Access Trojans
  - Keylogger or password-sending Trojans
  - Software detection killers
  - Purely evil (destructive)

Slide 20: Penetration Testing Tools and Techniques – Buffer Overflows
- Occurs when a program allocates a specific block length of memory for something but then attempts to store more data than the block was intended to hold
- Can overwrite memory areas and interfere with the execution of programs
- Can allow an intruder to load a remote shell or execute a command
- The attacker must create a specific data feed to induce the error

Slide 21: Penetration Testing Tools and Techniques – Buffer Overflows (cont.)
- For a buffer overflow to work, the target system must fail to test the data or stack segment
- Once the stack is smashed, the attacker can deploy their payload and take control of the target system

Slide 22: Penetration Testing Tools and Techniques – Buffer Overflows (cont.)
- Three ways to test for a buffer overflow vulnerability:
  1. Look for strings declared as local variables in functions or methods, and verify that boundary checks are in the source code
  2. Check for improper use of input/output or string functions
  3. Feed the application large amounts of data and check for abnormal behavior

Slide 23: Penetration Testing Tools and Techniques – SQL Injection Attack
- A class of injection exploits that occur when one scripting language is embedded inside another scripting language
- SQL commands are added to input fields in a program or web page, e.g. ' or 1=1
- Preventing SQL injection requires enforcing better coding practices

Slide 24: Penetration Testing Tools and Techniques – Cross Site Scripting
- Web attacks are successful because they are not noticed immediately
- An XSS vulnerability is created by the failure of a web-based application to validate user-supplied input before returning it to the client system
- An attacker can craft malicious URLs and trick users into clicking on them
- The links enable the attacker's client-side scripting language, such as JavaScript or VBScript, to execute in the victim's browser
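The slide describes reflected XSS as input "returned to the client" without validation. The added example below (written for this transcript, not code from the slides) models a search handler that echoes a URL parameter into its page, first by reflecting the raw input and then by HTML-encoding it on output; the second form is the countermeasure the slide implies. The hostname example.test, the `q` parameter name, and the script payload in the sample URL are constructed assumptions.

```python
import html
from urllib.parse import parse_qs, urlparse


def render_search_unsafe(term):
    """Reflects the raw input into the page body. The browser parses whatever
    markup the input contains, so script in the URL runs in the victim's browser."""
    return "<p>Results for: " + term + "</p>"


def render_search_safe(term):
    """Encodes <, >, &, and both quote characters before reflecting the input,
    so the browser displays it as text instead of parsing it as markup."""
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


def page_for_url(url, encode_output=True):
    """Pull the 'q' parameter (assumed name) out of a crafted URL the way a
    search handler would, then build the page with or without output encoding."""
    term = parse_qs(urlparse(url).query).get("q", [""])[0]
    return render_search_safe(term) if encode_output else render_search_unsafe(term)


if __name__ == "__main__":
    # Constructed sample of a crafted link; the payload is percent-encoded as a browser would send it.
    crafted = "http://example.test/search?q=%3Cscript%3Ealert(%27xss%27)%3C/script%3E"
    print(page_for_url(crafted, encode_output=False))  # contains a live <script> element
    print(page_for_url(crafted))                        # contains &lt;script&gt; text only
```

Encoding at the point of output is the reliable fix because it is applied regardless of where the input came from; input validation alone, which the slide mentions, has to anticipate every encoding an attacker might use in the URL.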

Slide 25: Wireless Network Penetration Testing
- Two main drivers for the popularity of wireless networking:
  - Ease of implementation
  - Cost effectiveness
- The most common wireless LAN standards are defined by IEEE's 802.11 working group:
  - 802.11b
  - 802.11g
  - 802.11n

Slide 26: Wireless Network Penetration Testing – War Driving
- The term used to describe the process of a hacker who, armed with a laptop and a wireless adapter card and traveling by car, bus, subway, train, or other form of mechanized transport, goes around sniffing for WLANs
- Common war-driving exploits find many wireless networks using only the SSID for access control
- These networks are susceptible to the parking lot attack

Slide 27: Wireless Network Penetration Testing – WLAN Vulnerabilities
- Subject to the same protocol-based attacks as wired LANs
- Also have their own set of unique vulnerabilities
- SSID issues:
  - The Service Set Identifier is an identification value set in the access point to identify the local wireless network
  - The SSID acts like a simple password
  - Wireless access points are configured to broadcast the SSID
  - Many APs use default SSIDs

Slide 28: Wireless Network Penetration Testing – WEP Weaknesses
- Wired Equivalent Privacy is a component of the IEEE 802.11 WLAN standard
- Data is encrypted at the data link layer using RC4 encryption
- Vulnerable due to relatively short keys that remain static
  - 64-bit shared key
  - Must be configured on each client

Slide 29: Wireless Network Penetration Testing – WEP Weaknesses (cont.)
- Not designed to withstand a directed cryptographic attack
- Utilities capable of exploiting the RC4 vulnerability:
  - AirSnort
  - WEPCrack
- Vulnerable to DoS attacks:
  - Interference
  - Flooding

Slide 30: Wireless Network Penetration Testing – WEP Weaknesses (cont.)
- Other techniques to DoS wireless devices:
  - Request authentication at such a frequency as to disrupt legitimate traffic
  - Request deauthentication of legitimate users
  - Mimic the behavior of an AP to convince users to connect to it
  - Repeatedly transmit RTS/CTS frames to silence the network

Slide 31: Wireless Network Penetration Testing – MAC Address Vulnerabilities
- Easily sniffed
- An attacker can masquerade as a valid MAC
- MAC spoofing is VERY easy

Slide 32: Wireless Network Penetration Testing – Wireless Scanning Tools
- NetStumbler – displays APs
- MiniStumbler – designed for Windows Mobile
- AirSnort – cracks WEP keys
- Kismet – wireless IDS and sniffer
- SSID Sniff – displays APs
- AirMagnet – wireless sniffer
- AiroPeek – wireless sniffer
- Wireshark – all-purpose sniffer

Slide 33: Wireless Network Penetration Testing – Wireless Vulnerability Countermeasures
- Change the AP's default admin password
- Change the default SSID
- Disable the Broadcast SSID function
- Enable WPA
- Implement MAC filtering
- Limit radio emanations
- Locate the AP in a DMZ
- Implement VPNs
- Disable the DHCP server

Slide 34: Social Engineering
- The acquisition of sensitive information or inappropriate access privileges by an outsider by manipulating people
- Exploits the human side of computing
- The hardest form of attack to defend against
- Divided into two types:
  - Human-based – person to person
  - Computer-based – uses software to automate information gathering

Slide 35: Social Engineering
- Common techniques:
  - Asserting authority or pulling rank
  - Professing to have authority
  - Browbeating the subject
  - Praising, flattering, or sympathizing
  - Using positive reinforcement to coerce
- The only defense is a security policy and awareness

Slide 36: Intrusion Detection System (IDS)
- Monitors packets on the network and looks for signs of an attack
- Two types:
  - Signature based
  - Anomaly based

Slide 37: Intrusion Detection System (IDS)
- Methods IDSs use to identify attacks:
  - Protocol Stack Verification – verifies valid values in protocol fields
  - Application Protocol Verification – verifies valid packet intent
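Slides 36 and 37 name three detection approaches (signature, anomaly, and protocol stack verification) without showing what each one actually checks. The added example below, written for this transcript and not taken from the slides, runs all three over a small constructed set of parsed events: a signature match on the payload (the application-layer check), a protocol-field check for TCP flag combinations a conforming stack never emits, and a rate-based anomaly check against an assumed per-source baseline. The event records, the source addresses, the signature list, and the baseline of 3 events per window are all constructed assumptions.

```python
from collections import Counter

# Constructed sample events: a simplified view of what a network IDS sees after
# parsing each packet (source address, TCP flags, decoded application payload).
EVENTS = [
    {"src": "10.0.0.5", "flags": {"SYN"}, "dport": 80, "payload": ""},
    {"src": "10.0.0.5", "flags": {"ACK"}, "dport": 80,
     "payload": "GET /login?user=admin' or 1=1 --"},
    {"src": "10.0.0.9", "flags": {"SYN", "FIN"}, "dport": 22, "payload": ""},
    {"src": "10.0.0.9", "flags": set(), "dport": 22, "payload": ""},
    {"src": "10.0.0.7", "flags": {"SYN"}, "dport": 21, "payload": ""},
    {"src": "10.0.0.7", "flags": {"SYN"}, "dport": 22, "payload": ""},
    {"src": "10.0.0.7", "flags": {"SYN"}, "dport": 23, "payload": ""},
    {"src": "10.0.0.7", "flags": {"SYN"}, "dport": 25, "payload": ""},
    {"src": "10.0.0.7", "flags": {"SYN"}, "dport": 80, "payload": ""},
]

# Constructed signature list: (name, lowercase substring the payload must contain).
SIGNATURES = [
    ("sqli-or-1=1", " or 1=1"),
    ("xss-script-tag", "<script"),
]


def signature_alerts(events):
    """Signature based: flag any payload containing a known attack pattern.
    Matching the application payload is also what slide 37 calls application
    protocol verification, i.e. checking the packet's intent."""
    alerts = []
    for e in events:
        text = e["payload"].lower()
        for name, pattern in SIGNATURES:
            if pattern in text:
                alerts.append((e["src"], name))
    return alerts


def protocol_alerts(events):
    """Protocol stack verification: reject field values that are invalid for
    the protocol. A real TCP stack never sends SYN and FIN together, nor a
    segment with no flags at all; both are classic scanner fingerprints."""
    alerts = []
    for e in events:
        flags = e["flags"]
        if {"SYN", "FIN"} <= flags:
            alerts.append((e["src"], "tcp-syn-fin"))
        elif not flags:
            alerts.append((e["src"], "tcp-null"))
    return alerts


def anomaly_alerts(events, baseline=3):
    """Anomaly based: a source exceeding the learned normal event rate for the
    window is reported even though no single packet matched a signature.
    `baseline` is an assumed value standing in for a learned profile."""
    counts = Counter(e["src"] for e in events)
    return [(src, "rate-anomaly") for src, n in counts.items() if n > baseline]


def analyze(events, baseline=3):
    """Run all three methods and return their alerts keyed by method."""
    return {
        "signature": signature_alerts(events),
        "protocol": protocol_alerts(events),
        "anomaly": anomaly_alerts(events, baseline),
    }


if __name__ == "__main__":
    for method, alerts in analyze(EVENTS).items():
        print(f"{method:10} {alerts}")
```

Note which method catches what: the SQL injection attempt from 10.0.0.5 is only visible to the signature check, the malformed SYN/FIN and null segments from 10.0.0.9 only to protocol verification, and the sweep of SYNs across five ports from 10.0.0.7 only to the rate anomaly, since each of those packets is individually well formed and carries no payload. That complementarity is why the slide lists the methods together rather than as alternatives.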

Slide 38: FIN

