Published by Dakota Tarvin. Modified over 9 years ago.
Slide 1: BAI514 – Security I
Slide 2: Penetration Testing Overview
- Penetration testing is a security testing methodology that gives an insight into the target’s security posture and the strength of the target’s network security.
Slide 3: Penetration Testing Overview
- Security snapshot includes:
  - Level I – High-level assessment
    - Top-down look at the organization: policies, procedures, standards, guidelines
    - Not hands-on; system security is not actually tested
Slide 4: Penetration Testing Overview
- Security snapshot includes (cont.):
  - Level II – Network evaluation
    - Some Level I activities
    - More hands-on
    - More information gathering
Slide 5: Penetration Testing Overview
- Security snapshot includes (cont.):
  - Level III – Penetration test
    - Not usually concerned with policies
    - Takes the adversarial view of a hacker
    - See what can be accomplished and with what difficulty
Slide 6: Penetration Testing Overview
- The reason to conduct a penetration test of an organization is the same as the reason to have a security policy: to leverage due diligence and due care in data protection for the preservation of the organization’s capital investment.
Slide 7: Penetration Testing Overview
- Factors that make penetration testing a necessity:
  - Technology has focused on ease of use at the operational end
  - The skill level required to execute a hacker exploit has steadily decreased
  - The size and complexity of network and web-based applications has increased
  - The detrimental impact of a security breach on corporate assets and goodwill is greater than ever
Slide 8: Penetration Testing Overview
- Penetration testing is usually carried out in a black-box mode
- Penetration testing involves three phases:
  - Preparation phase
    - A formal contract is executed containing nondisclosure of the client’s data and legal protection for the tester
    - Scope, timing, depth, etc.
  - Execution phase
    - Testing is executed
    - All vulnerabilities are recorded
  - Delivery phase
    - Results are communicated to the organization
    - Corrective action is advised
Slide 9: Legal and Ethical Implications
- Attacking a network from the outside carries ethical and legal risk to the tester, and remedies and protections must be spelled out in detail before the test is begun
- The US Cyber Security Enhancement Act of 2002 provides for life sentences for hackers who “recklessly” endanger the lives of others
- US Statute 1030, Fraud and Related Activity in Connection with Computers, states that whoever intentionally accesses a protected computer without authorization and, as a result of such conduct, recklessly causes damage or impairs medical treatment can receive a fine or imprisonment of five to 20 years
Slide 10: Legal and Ethical Implications
- Penetration testers MUST receive specific written permission to conduct the test from the most senior executive possible
- Testers should be specifically indemnified against prosecution for the work of testing
Slide 11: The Three Pretest Phases
- The three pretest phases:
  - Footprinting
  - Scanning
  - Enumerating
Slide 12: The Three Pretest Phases
- Reconnaissance follows seven steps:
  1. Gather initial information
  2. Determine the network range
  3. Identify active machines
  4. Discover open ports and access points
  5. Fingerprint the operating system(s)
  6. Uncover services on ports
  7. Map the network
Slide 13: Penetration Testing Tools and Techniques
- Gather as much information as possible from public sources:
  - Whois
  - Nslookup
  - ARIN
  - Traceroute (tracert)
  - Google
Slide 14: Penetration Testing Tools and Techniques
- Port Scanners
  - Port scanning is one of the most common reconnaissance techniques used by penetration testers to discover vulnerabilities in services listening on well-known ports
  - Nmap
  - SuperScan
  - SATAN
  - SARA
  - Etc.
Slide 15: Penetration Testing Tools and Techniques
- Vulnerability Scanners
  - Nessus is a popular open-source network scanner that can run numerous scans
    - Windows GUI available
    - Linux based
  - Microsoft Baseline Security Analyzer
    - Free Windows vulnerability scanner
  - Retina Network Security Scanner
    - Popular commercial vulnerability scanner
    - Runs on Windows
Slide 16: Penetration Testing Tools and Techniques
- Password Crackers
  - Three basic types of password-cracking tests:
    - Dictionary
    - Hybrid
    - Brute force
  - Common tools:
    - Brutus
    - WebCracker
    - ObiWan
    - Ophcrack
    - John the Ripper
Slide 17: Penetration Testing Tools and Techniques
- Trojan Horses
  - A program that performs unknown and unwanted functions
  - An unauthorized program contained within a legitimate program
  - A legitimate program that has been altered by the placement of unauthorized code within it
  - Any program that appears to perform a desirable and necessary function but does something unintended
Slide 18: Penetration Testing Tools and Techniques
- Trojan Horses (cont.)
  - Transmitted in several ways:
    - Email attachments
    - Freeware
    - Physical installation
    - IRC chat
    - Infected websites
    - Cracked/pirated software
  - Unlike worms, trojans don’t self-replicate
Slide 19: Penetration Testing Tools and Techniques
- Trojan Horses (cont.)
  - Types of Trojans:
    - Remote Access Trojan
    - Keylogger or password-sending Trojans
    - Software detection killers
    - Purely evil (destructive)
Slide 20: Penetration Testing Tools and Techniques
- Buffer Overflows
  - Occurs when a program allocates a specific block length of memory for something but then attempts to store more data than the block was intended to hold
  - Can overwrite memory areas and interfere with execution of programs
  - Can allow an intruder to load a remote shell or execute a command
  - The attacker must create a specific data feed to induce the error
Slide 21: Penetration Testing Tools and Techniques
- Buffer Overflows (cont.)
  - For a buffer overflow to work, the target system must fail to test the data or stack segment
  - Once the stack is smashed, the attacker can deploy their payload and take control of the target system
Slide 22: Penetration Testing Tools and Techniques
- Buffer Overflows (cont.)
  - Three ways to test for a buffer overflow vulnerability:
    - Look for strings declared as local variables in functions or methods
    - Verify boundary checks are in the source code
    - Check for improper use of input/output or string functions
    - Feed the application large amounts of data and check for abnormal behavior
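The following toy model is an added example (not code from the slides) of what slides 20 to 22 describe: a simplified stack frame laid out as a fixed-size local buffer followed by the saved return address, copied into once without and once with the boundary check a tester should look for. It is a Python simulation of memory, not real stack corruption; the buffer sizes and the placeholder return address are constructed for the demonstration.

```python
# Constructed frame layout: [BUF_LEN bytes of local buffer][RET_LEN bytes of saved return address]
BUF_LEN = 8   # bytes the program "allocated" for its local string
RET_LEN = 4   # bytes of saved return address sitting right after it

def make_frame(ret_addr: bytes) -> bytearray:
    """Build the constructed frame: a zeroed buffer followed by the return address."""
    if len(ret_addr) != RET_LEN:
        raise ValueError("return address must be %d bytes" % RET_LEN)
    return bytearray(BUF_LEN) + bytearray(ret_addr)

def copy_unchecked(frame: bytearray, data: bytes) -> bytearray:
    """strcpy-style copy: writes every input byte, running straight past the buffer."""
    for i, b in enumerate(data[:len(frame)]):
        frame[i] = b
    return frame

def copy_checked(frame: bytearray, data: bytes) -> bool:
    """Bounded copy: refuses input that does not fit, leaving the frame intact."""
    if len(data) > BUF_LEN:
        return False
    frame[:len(data)] = data
    return True

def saved_return(frame: bytearray) -> bytes:
    """Read back the return-address slot so a test can see whether it changed."""
    return bytes(frame[BUF_LEN:BUF_LEN + RET_LEN])

def demo():
    """Feed the same oversized input to both copies and report what happened."""
    ret = b"\xef\xbe\xad\xde"                 # constructed placeholder address
    oversized = b"A" * BUF_LEN + b"BBBB"      # 4 bytes more than the buffer holds
    smashed = copy_unchecked(make_frame(ret), oversized)
    intact = make_frame(ret)
    accepted = copy_checked(intact, oversized)
    # (overwritten return slot, whether the checked copy accepted, untouched return slot)
    return saved_return(smashed), accepted, saved_return(intact)
```

The unchecked copy leaves "BBBB" where the return address was, which is the "smashed stack" of slide 21; the checked copy rejects the input and the slot is unchanged.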
Slide 23: Penetration Testing Tools and Techniques
- SQL Injection Attack
  - A class of injection exploits that occur when one scripting language is embedded inside another scripting language
  - SQL commands are added to input fields in a program or web page, e.g. ‘ or 1=1
  - Preventing SQL injection requires enforcing better coding practices
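As an added example (not from the slides), the login check below is written twice against a constructed in-memory SQLite table: once by pasting the form fields into the SQL text, which the slide’s ‘ or 1=1 input turns into a condition that matches every row, and once with bound parameters, the "better coding practice" the slide calls for. The table, user names and passwords are made up for the demonstration.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_concat(conn: sqlite3.Connection, name: str, pw: str) -> int:
    """Vulnerable: the form fields are pasted straight into the SQL text,
    so a quote in the input changes the structure of the statement."""
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return conn.execute(sql).fetchone()[0]

def login_param(conn: sqlite3.Connection, name: str, pw: str) -> int:
    """Hardened: the same query with bound parameters; the input is data only."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw)).fetchone()[0]

def demo():
    """Matching-row counts for: injected input via concat, the same via
    parameters, and a genuine login via parameters."""
    conn = make_db()
    # The slide's payload, with a trailing SQL comment so the dangling quote is ignored.
    payload = "' or 1=1 --"
    return (login_concat(conn, "nobody", payload),
            login_param(conn, "nobody", payload),
            login_param(conn, "alice", "s3cret"))
```

The concatenated query becomes `... WHERE name = 'nobody' AND pw = '' or 1=1 --'`, which counts both rows, so a login check written as "more than zero rows" passes without a valid password.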
Slide 24: Penetration Testing Tools and Techniques
- Cross Site Scripting
  - Web attacks are successful because they are not noticed immediately
  - An XSS vulnerability is created by the failure of a web-based application to validate user-supplied input before returning it to the client system
  - The attacker can craft malicious URLs and trick users into clicking on them
  - The links enable the attacker’s client-side scripting language, such as JavaScript or VBScript, to execute on the victim’s browser
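An added example (not from the slides) of the reflected XSS the slide describes: a constructed search URL carries markup in its `q` parameter, one page builder returns it verbatim, the other HTML-escapes it first. The URL, parameter name and page template are assumptions for the demonstration; `alert(1)` is the usual harmless probe a tester uses to confirm reflection.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed URL of the kind the slide describes: the search term carries markup.
CRAFTED_URL = "http://example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

def search_term(url: str) -> str:
    """Extract the user-supplied 'q' parameter exactly as a server would."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]

def render_unsafe(term: str) -> str:
    """Vulnerable: the term is reflected verbatim, so the browser treats it as HTML."""
    return f"<p>Results for: {term}</p>"

def render_safe(term: str) -> str:
    """Hardened: the term is HTML-escaped before it is returned to the client."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"

def reflects_script(page: str) -> bool:
    """Crude check a tester can run on a response: did a <script> tag come back?"""
    return "<script" in page.lower()

def demo():
    """Whether the unsafe and the safe page reflect an executable script tag."""
    term = search_term(CRAFTED_URL)
    return reflects_script(render_unsafe(term)), reflects_script(render_safe(term))
```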
Slide 25: Wireless Network Penetration Testing
- Two main drivers for the popularity of wireless networking:
  - Ease of implementation
  - Cost effectiveness
- Most common wireless LAN standards are defined by IEEE’s 802.11 working group:
  - 802.11b
  - 802.11g
  - 802.11n
Slide 26: Wireless Network Penetration Testing
- War Driving
  - The term used to describe the process of a hacker who, armed with a laptop and a wireless adapter card and traveling by car, bus, subway, train, or other form of mechanized transport, goes around sniffing for WLANs
  - Common war-driving exploits find many wireless networks using only the SSID for access control
  - These networks are susceptible to a parking-lot attack
Slide 27: Wireless Network Penetration Testing
- WLAN Vulnerabilities
  - Same protocol-based attacks as wired LANs
  - Have their own set of unique vulnerabilities
- SSID Issues
  - The Service Set Identifier is an identification value set in the access point to identify the local wireless network
  - The SSID acts like a simple password
  - Wireless access points are configured to broadcast the SSID
  - Many APs use default SSIDs
Slide 28: Wireless Network Penetration Testing
- WEP Weaknesses
  - Wired Equivalent Privacy is a component of the IEEE 802.11 WLAN standard
  - Data is encrypted at the data link layer using RC4 encryption
  - Vulnerable due to relatively short keys that remain static
    - 64-bit shared key
    - Must be configured on each client
Slide 29: Wireless Network Penetration Testing
- WEP Weaknesses (cont.)
  - Not designed to withstand a directed cryptographic attack
  - Utilities capable of exploiting the RC4 vulnerability:
    - AirSnort
    - WEPCrack
  - Vulnerable to DoS attacks:
    - Interference
    - Flooding
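As an added example (not from the slides), the code below models the "short keys that remain static" weakness of slides 28 and 29: WEP builds each frame’s RC4 key from a 24-bit IV prepended to the static shared key, so once an IV repeats two frames share a keystream and the XOR of their ciphertexts equals the XOR of their plaintexts. The 40-bit secret, IV and frame contents are constructed; the ICV is omitted; this shows the keystream-reuse problem, not the key-recovery attack the tools on the slide implement.

```python
import math

IV_BITS = 24                 # WEP's per-frame initialisation vector is 24 bits
IV_SPACE = 2 ** IV_BITS

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling followed by n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, frame: bytes) -> bytes:
    """WEP-style frame encryption: per-frame RC4 key = IV || static shared key."""
    return xor_bytes(frame, rc4_keystream(iv + shared_key, len(frame)))

def reuse_leaks_plaintext_xor(shared_key: bytes, iv: bytes, f1: bytes, f2: bytes) -> bool:
    """Same IV + same static key = same keystream, so c1 ^ c2 == f1 ^ f2."""
    c1 = wep_encrypt(shared_key, iv, f1)
    c2 = wep_encrypt(shared_key, iv, f2)
    return xor_bytes(c1, c2) == xor_bytes(f1, f2)

def frames_until_iv_collision(prob: float = 0.5) -> int:
    """Birthday bound: frames after which some IV has repeated with probability prob."""
    return int(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - prob))))

def demo() -> bool:
    key = b"\x01\x02\x03\x04\x05"   # constructed 40-bit secret (WEP-64 = 40-bit key + 24-bit IV)
    iv = b"\x00\x00\x01"            # the IV that gets reused on a busy network
    return reuse_leaks_plaintext_xor(key, iv, b"GET /index.html", b"GET /secret.txt")
```

On a busy network a static key sees an IV repeat with even odds after only a few thousand frames, which is why the countermeasure slide recommends enabling WPA rather than relying on WEP.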
Slide 30: Wireless Network Penetration Testing
- WEP Weaknesses (cont.)
  - Other techniques to DoS wireless devices:
    - Request authentication at such a frequency as to disrupt legitimate traffic
    - Request deauthentication of legitimate users
    - Mimic the behavior of an AP to convince users to connect to it
    - Repeatedly transmit RTS/CTS frames to silence the network
Slide 31: Wireless Network Penetration Testing
- MAC Address Vulnerabilities
  - Easily sniffed
  - An attacker can masquerade as a valid MAC
  - MAC spoofing is VERY easy
Slide 32: Wireless Network Penetration Testing
- Wireless Scanning Tools
  - NetStumbler – displays APs
  - MiniStumbler – designed for Windows Mobile
  - AirSnort – cracks WEP keys
  - Kismet – wireless IDS and sniffer
  - SSID Sniff – displays APs
  - AirMagnet – wireless sniffer
  - AiroPeek – wireless sniffer
  - Wireshark – all-purpose sniffer
Slide 33: Wireless Network Penetration Testing
- Wireless Vulnerabilities Countermeasures
  - Change the AP’s default admin password
  - Change the default SSID
  - Disable the Broadcast SSID function
  - Enable WPA
  - Implement MAC filtering
  - Limit radio emanations
  - Locate the AP in a DMZ
  - Implement VPNs
  - Disable the DHCP server
Slide 34: Social Engineering
- The acquisition of sensitive information or inappropriate access privileges by an outsider by manipulating people
- Exploits the human side of computing
- Hardest form of attack to defend against
- Divided into two types:
  - Human-based – person to person
  - Computer-based – uses software to automate information gathering
Slide 35: Social Engineering
- Common techniques:
  - Asserting authority or pulling rank
  - Professing to have authority
  - Browbeating the subject
  - Praising, flattering, or sympathizing
  - Using positive reinforcement to coerce
- The only defense is a security policy and awareness
Slide 36: Intrusion Detection System (IDS)
- Monitors packets on the network and looks for signs of an attack
- Two types:
  - Signature-based
  - Anomaly-based
Slide 37: Intrusion Detection System (IDS)
- Methods IDSs use to identify attacks:
  - Protocol Stack Verification
    - Verifies valid values in protocol fields
  - Application Protocol Verification
    - Verifies valid packet intent
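The following added example (not from the slides) runs the four detection ideas of slides 36 and 37 over a handful of constructed packet summaries: a signature match on the SQL injection string from slide 23, a protocol-stack check for a TCP flag combination no real stack sends, an application-protocol check that port 80 traffic actually looks like HTTP, and an anomaly rule on how many ports one host touches. The packet tuples, IP addresses, the port baseline and the detection thresholds are all assumptions.

```python
import re

# Constructed packet summaries: (source IP, destination port, TCP flags, payload).
PACKETS = [
    ("10.0.0.5", 80, "S", b""),
    ("10.0.0.5", 80, "PA", b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.7", 80, "PA", b"POST /login HTTP/1.1\r\n\r\nuser=admin' or 1=1"),
    ("10.0.0.9", 80, "SF", b""),                        # SYN and FIN set together
    ("10.0.0.11", 80, "PA", b"SSH-2.0-OpenSSH\r\n"),     # non-HTTP traffic on port 80
] + [("10.0.0.9", port, "S", b"") for port in range(20, 60)]   # 40-port sweep

# Signature-based: byte patterns of known attacks (here the slide's SQL injection string).
SIGNATURES = {"sql_injection": re.compile(rb"'\s*or\s+1=1", re.IGNORECASE)}

def signature_alerts(packets):
    """Signature-based detection: payload matches a known attack pattern."""
    return [(src, name) for src, _, _, payload in packets
            for name, pattern in SIGNATURES.items() if pattern.search(payload)]

def protocol_stack_alerts(packets):
    """Protocol stack verification: flag values no legitimate TCP stack produces."""
    return [(src, flags) for src, _, flags, _ in packets
            if "S" in flags and "F" in flags]

def application_protocol_alerts(packets):
    """Application protocol verification: traffic on port 80 should look like HTTP."""
    request_line = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
    return [src for src, dport, _, payload in packets
            if dport == 80 and payload and not request_line.match(payload)]

def anomaly_alerts(packets, max_ports_per_host: int = 5):
    """Anomaly-based detection: a host touching far more ports than the baseline."""
    ports = {}
    for src, dport, _, _ in packets:
        ports.setdefault(src, set()).add(dport)
    return sorted(src for src, seen in ports.items() if len(seen) > max_ports_per_host)
```

Each function returns the offending sources so the results can be fed to whatever alerting the deployment uses; the signature rule catches only what it was written for, while the anomaly rule catches the sweep it was never told about.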
Slide 38: FIN