Penetration Testing.


1 Penetration Testing

2 What is Penetration Testing?
AKA “pentesting”: an authorized attack on a computer system, carried out with the intention of finding security weaknesses before a real adversary does. Performed by sysadmins or by trusted agents acting with the system owner's permission.

3 How is this different from hacking?
“Black-hat hackers” violate computer security for malicious purposes or personal gain. “White-hat hackers” break security for non-malicious purposes, usually when performing authorized security tests. “Grey-hat hackers” rationalize that they are acting morally when they are not, e.g. breaking into systems for fun, then contacting the sysadmin to tell them about the security hole. The access was still unauthorized, and that is the line that separates a pentest from an intrusion.

4 What are the goals of Pentesting?
Discover network or application vulnerabilities. Determine the feasibility of a particular set of attack vectors. Assess the magnitude of the business and operational impacts of a successful attack. Test the capability of network defenses (does anyone notice, and how fast?).

5 Successful attacks against gov’t computers, as reported to US-CERT*
*United States Computer Emergency Readiness Team

6 Attempted attacks
Pentagon: 10,000,000 attempts each day. Nat’l Nuclear Security Agency: 10,000,000/day. From the same document... Michigan: 120,000 attacks per day. U.K.: 120,000 attacks per day. Utah: 20,000,000 attacks each day. Are these using multiple definitions of “attack” and “attempt”? (A dropped packet at the firewall and a successful intrusion are not the same event.) Do not blindly believe any numbers you read.

7 5 Phases of a network attack
1. Reconnaissance 2. Scanning 3. Penetration (gaining access) 4. Maintaining access 5. Covering tracks. Pentesting generally focuses on steps 1-3; steps 4-5 are what a real intruder does afterwards and are usually out of scope unless the test is explicitly a red-team exercise.

8 Reconnaissance
Collecting data on the target passively. Multiple interpretations: sending no electrons (packets) to the target network at all, or only sending electrons through means that are normally authorized, such as reading the public website. Common means: Google, whois.

9 Reconnaissance
nslookup www.usna.edu: gives the IP address and the server's canonical name. whois search for usna.edu: gives the physical address, the names of the sysadmins (people with root access) and the names/IPs of the DNS servers.


11 Reconnaissance
Google for URL prefixes (different servers): site:usna.edu, then exclude each hostname already found (site:usna.edu -www.usna.edu, then also -libguides.usna.edu, ...) so that each new result set surfaces further servers. Run nslookup to find the name/IP of each server: nslookup libguides.usna.edu, nslookup aisweb.usna.edu

12 Reconnaissance
URL                       IP    Server Name
webster-new.dmz.usna.edu
libguides.usna.edu              libguides.com
aisweb.usna.edu                 aeisenhower.dmz.usna.edu
library.usna.edu
lists.usna.edu
(The IP column is not reproduced in this transcript.)
Exercise: in 10 minutes, find out as much as you can about the USMA network.
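Slides 9-12 build the URL / IP / server-name table by running nslookup by hand for each hostname. The following is an added example (not code from the slides) that automates that step: it parses nslookup's text output into the canonical server name and answer addresses, and assembles the table. It is demonstrated on a constructed nslookup transcript that uses example.edu hostnames and RFC 5737 documentation addresses (203.0.113.0/24); with hostnames on the command line it calls the real nslookup binary instead.

```python
"""Build the reconnaissance table (URL, IP, server name) from nslookup output.

Added example for the reconnaissance slides; the sample transcripts below are
constructed, not real lookups.
"""
import re
import subprocess
import sys

# Constructed sample in the format `nslookup <name>` prints. The first
# "Address:" line (with "#53") identifies the resolver, not an answer.
SAMPLE_NSLOOKUP = """\
Server:\t\t203.0.113.53
Address:\t203.0.113.53#53

Non-authoritative answer:
libguides.example.edu\tcanonical name = libguides.example.com.
Name:\tlibguides.example.com
Address: 203.0.113.10
"""

# Constructed sample with plain A records and no CNAME.
SAMPLE_NSLOOKUP_NO_CNAME = """\
Server:\t\t203.0.113.53
Address:\t203.0.113.53#53

Non-authoritative answer:
Name:\twww.example.edu
Address: 203.0.113.20
Address: 203.0.113.21
"""


def parse_nslookup(output):
    """Extract the canonical (server) name and answer addresses from nslookup output.

    A CNAME chain appears as "x canonical name = y." lines followed by a
    "Name:" line for the final target; the "Name:" line wins, so the result
    is the real server name (the slides' "Server Name" column).
    """
    info = {"canonical": None, "addresses": []}
    for raw in output.splitlines():
        line = raw.strip()
        m = re.match(r"^(\S+)\s+canonical name = (\S+?)\.?$", line)
        if m:
            info["canonical"] = m.group(2)
            continue
        m = re.match(r"^Name:\s+(\S+?)\.?$", line)
        if m:
            info["canonical"] = m.group(1)
            continue
        m = re.match(r"^Address(?:es)?:\s+(\S+)$", line)
        if m and "#" not in m.group(1):  # "203.0.113.53#53" is the resolver line
            info["addresses"].append(m.group(1))
    return info


def lookup(hostname):
    """Run the real nslookup binary (needs network access and the tool installed)."""
    proc = subprocess.run(["nslookup", hostname], capture_output=True, text=True)
    return parse_nslookup(proc.stdout)


def build_table(hostnames, resolver=lookup):
    """Rows of (url, ip, server name), one row per address."""
    rows = []
    for host in hostnames:
        info = resolver(host)
        server = info["canonical"] or host
        if not info["addresses"]:
            rows.append((host, "-", server))
        for ip in info["addresses"]:
            rows.append((host, ip, server))
    return rows


def format_table(rows):
    header = ("URL", "IP", "Server name")
    widths = [max(len(r[i]) for r in rows + [header]) for i in range(3)]
    lines = [" ".join(h.ljust(w) for h, w in zip(header, widths))]
    lines += [" ".join(c.ljust(w) for c, w in zip(r, widths)) for r in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = build_table(sys.argv[1:])  # live lookups against your resolver
    else:  # offline demo on the constructed samples
        canned = {"libguides.example.edu": SAMPLE_NSLOOKUP,
                  "www.example.edu": SAMPLE_NSLOOKUP_NO_CNAME}
        rows = build_table(canned, resolver=lambda h: parse_nslookup(canned[h]))
    print(format_table(rows))
```

Only the DNS queries in `lookup` touch the network, and they go to your own resolver rather than to the target, which keeps this inside the "reading what is publicly published" interpretation of reconnaissance from slide 8.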

13 Scanning
Collecting data on the target by sending packets at it: find which IP addresses have live hosts, find open ports on those hosts, determine the versions of the services behind the ports, determine the OS of each host. Tends to be “noisy” (lots of packets, easily picked up by an IDS) and may be construed as an attack. Never do this without written permission.

14 Scanning: Host Discovery
nmap is the #1 scanning tool (“Network Mapper”).
nmap -sn <network>/24   # Determine which IPs are online (host discovery only, no port scan)
Exercise: what messages does nmap send for this command? On the local Ethernet segment, ARP requests. For remote targets, run as root, the default probe set is an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; without root it falls back to TCP connect attempts on ports 80 and 443.
nmap -sL <network>/24   # List IPs only: sends no probes to the targets, only reverse-DNS lookups to your resolver.

15 Scanning: Host Discovery (cont), using extra ports in the scan:
nmap -sn -PS22-25 <network>/24   # TCP SYN Ping to ports 22-25
Exercise: what mechanism does nmap use for this command? ARP on the local segment; otherwise a TCP SYN to each of ports 22-25 (an explicit -PS list replaces the default probe set, so hosts that only answer on those ports are found).

16 Scanning: Enumerate Open Ports
less /usr/share/nmap/nmap-services   # List of ports & protocols, ranked by how often each is found open
nmap --top-ports 5 <target>          # Selects only the 5 most common ports from this file
nmap <target>                        # TCP SYN scan (the default when run as root, same as -sS)
# Half-open: sends SYN, reads the SYN-ACK (open) or RST (closed); the handshake's final ACK is never sent, and the scanner's kernel answers the SYN-ACK with a RST.
# Stealthier, since the connection never completes and most applications never see or log it, but half-open connections can consume the target's resources.

17 Scanning: Enumerate Open Ports (cont)
nmap -sT <target>   # TCP Connect scan (the default without root)
# Full handshake SYN / SYN-ACK / ACK, then the connection is closed.
# Gets logged by the listening application; less likely to exhaust the target server's connection table.
nmap -sA <target>   # TCP ACK scan
# Sends a bare ACK to a host we have no connection with. An unfiltered port replies with a RST to indicate there is no such connection; no reply (or an ICMP unreachable) means a stateful firewall dropped the probe. Maps firewall rules; it does not tell open ports from closed ones.

18 Scanning: Version and OS detection
nmap -sV <target>                  # Enables service version detection (banner grabbing plus protocol probes)
nmap -O <target>                   # Enables OS detection (TCP/IP stack fingerprinting)
nmap -O --osscan-guess <target>    # Guess more aggressively when there is no exact fingerprint match; --fuzzy is an alias

19 Pentest admin
Signed agreement: the “get out of jail free card.” Never send any electrons to the target network without one. It must define the scope (range of IPs, type of tests, time windows, etc.), damage control (what to do when a test knocks something over) and indemnification. In-house vs. outsourced: trust? Can a sysadmin reasonably pentest their own network, given that they already know where the weak spots are and have every incentive not to find them?
