Penetration Testing.

What is Penetration Testing?
AKA “Pentesting”
An attack on a computer system with the intention of finding security weaknesses.
Performed by sysadmins or trusted agents.

How is this different from hacking?
“Black-hat hackers” violate computer security out of malice or for personal gain.
“White-hat hackers” break security for non-malicious purposes, usually when performing authorized security tests.
“Grey-hat hackers” rationalize that they are acting morally when they are not, e.g. breaking into systems for fun, then emailing the sysadmin to tell them about the security hole.

What are the goals of Pentesting?
Discover network or application vulnerabilities.
Determine the feasibility of a particular set of attack vectors.
Assess the magnitude of the business & operational impacts of a successful attack.
Test the capability of network defenses.

Successful attacks against gov’t computers, as reported to CERT*
*US Computer Emergency Response Team

Attempted attacks
Pentagon: 10,000,000 attempts each day
Nat’l Nuclear Security Agency: 10,000,000/day
From the same document...
Michigan: 120,000 attacks per day
U.K.: 120,000 attacks per day
Utah: 20,000,000 attacks each day
Multiple definitions of “attack” and “attempt”? Do not blindly believe any numbers you read.

5 Phases of a network attack
1. Reconnaissance
2. Scanning
3. Penetration
4. Covering Tracks
5. Maintaining Access
Pentesting generally focuses on Steps 1-3.

Reconnaissance
Collecting data on the target passively.
Multiple interpretations: sending no electrons to the target network, or only sending electrons through means that are normally authorized, such as reading the public website.
Common means: Google, whois

Reconnaissance
nslookup www.usna.edu
    IP address
    Server name
http://www.whois.net, search for usna.edu
    Physical address
    Names of sysadmins (people with root access)
    Names/IPs of DNS servers

Reconnaissance
Google for URL prefixes (different servers):
    site:usna.edu
    site:usna.edu -www.usna.edu
    site:usna.edu -www.usna.edu -libguides.usna.edu
    ...
Run nslookup to find the name/IP of each server:
    nslookup libguides.usna.edu
    nslookup aisweb.usna.edu

Reconnaissance
URL                 IP              Server Name
www.usna.edu        136.160.88.139  webster-new.dmz.usna.edu
libguides.usna.edu  174.132.16.38   libguides.com
aisweb.usna.edu     136.160.88.133  aeisenhower.dmz.usna.edu
library.usna.edu    136.160.88.140
lists.usna.edu      136.160.89.10
…
Exercise: In 10 minutes, find out as much as you can about the USMA network.

Scanning
Collecting data on the target by sending packets at it:
    Find the existence of hosts at IP addresses.
    Find open ports on hosts.
    Determine versions of services on hosts.
    Determine the OS of each host.
Tends to be “noisy” (lots of packets).
May be construed as an attack. Never do this without written permission.

Scanning: Host Discovery
nmap is the #1 scanning tool (“Network Mapper”).
nmap -sn 10.10.1.0/24    # Determine which IPs are online
    Exercise: what messages does nmap send for this command?
    Answer: arp, TCP SYN to ports 80, 443, 53
nmap -sL 10.10.1.0/24    # List IPs only
    Exercise: what messages does nmap send for this command?
    Answer: none

Scanning: Host Discovery (cont.), using extra ports in the scan
nmap -sn -PS22-25 10.10.1.0/24    # TCP SYN Ping
    Exercise: what mechanism does nmap use for this command?
    Answer: arp, TCP to ports 22-25

Scanning: Enumerate Open Ports
nmap 10.10.1.10    # TCP SYN Scan (default, same as -sS)
    # SYN only, never sends ACK or reset.
    # Stealthy, since not logged, but can consume the target’s resources.
less /usr/share/nmap/nmap-services    # List of ports & protocols by usage
nmap --top-ports 5 10.10.1.10    # Selects only the 5 top ports from this file
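To show what --top-ports actually consults, here is an added Python example (not from the slides) that reads lines in the layout of nmap's nmap-services file (service name, port/protocol, open-frequency, optional # comment) and returns the N ports with the highest frequency for a protocol. The sample lines are constructed for this example; the frequency numbers are illustrative and are not copied from the real file.

```python
"""Parse nmap-services-style lines and select the top-N ports by frequency,
which is the selection --top-ports performs.

Added example, not from the original slides. SAMPLE_NMAP_SERVICES is a
constructed excerpt in the layout of nmap's nmap-services file; the
frequency values are illustrative only.
"""
from collections import namedtuple

ServiceEntry = namedtuple("ServiceEntry", "name port proto frequency")

# Constructed sample in nmap-services layout (values are not the real file's).
SAMPLE_NMAP_SERVICES = """\
# Fields: service-name port/protocol open-frequency [# comment]
ftp          21/tcp    0.197667  # File Transfer [Control]
ssh          22/tcp    0.182286  # Secure Shell Login
telnet       23/tcp    0.221265
smtp         25/tcp    0.131314  # Simple Mail Transfer
domain       53/tcp    0.054512  # Domain Name Server
domain       53/udp    0.213496
http         80/tcp    0.484143  # World Wide Web HTTP
pop3         110/tcp   0.077142  # PostOffice V.3
https        443/tcp   0.208669  # secure http (SSL)
microsoft-ds 445/tcp   0.056944  # SMB directly over IP
snmp         161/udp   0.433467  # Simple Net Mgmt Proto
broken-entry 9999
"""


def parse_nmap_services(text):
    """Yield a ServiceEntry per data line; comment and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comment
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3 or "/" not in parts[1]:
            continue                             # malformed line: tolerate, do not abort
        name, port_proto, freq = parts[0], parts[1], parts[2]
        port, proto = port_proto.split("/", 1)
        try:
            yield ServiceEntry(name, int(port), proto, float(freq))
        except ValueError:
            continue                             # non-numeric port or frequency


def top_ports(text, n, proto="tcp"):
    """Return the n most frequently open ports for proto, highest frequency first."""
    entries = [e for e in parse_nmap_services(text) if e.proto == proto]
    entries.sort(key=lambda e: e.frequency, reverse=True)
    return [e.port for e in entries[:n]]


if __name__ == "__main__":
    print(top_ports(SAMPLE_NMAP_SERVICES, 5))    # the 5 "top" TCP ports of the sample
```

Because the selection is driven purely by the frequency column, a defender can reason about which ports a default --top-ports scan will touch and therefore which ports a sensor should expect to see probed first.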

Scanning: Enumerate Open Ports (cont.)
nmap -sT 10.10.1.10    # TCP Connect Scan
    # SYN / SYN-ACK / ACK, then Reset.
    # Gets logged; less likely to crash the target server.
nmap -sA 10.10.1.10    # TCP ACK Scan
    # Send an ACK to a host we are not talking to.
    # Host may reply by sending a Reset to indicate there is no connection.
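The slides point out that scanning is noisy, that a SYN scan avoids the application log because the handshake is never completed, and that a connect scan does get logged. A network sensor sees all three probe styles regardless. The following added Python example (not from the slides) runs simple scan detection over a constructed packet summary: it flags a source that touches many ports on one host within a short window and labels each probe as half-open (SYN with no client ACK), connect (handshake completed) or ACK probe (bare ACK with no SYN). The addresses 10.10.1.77, 10.10.1.20 and 10.10.1.10, the ports and the timings are invented.

```python
"""Detect TCP port scans in a packet summary and tell half-open SYN probes,
full connect probes and bare ACK probes apart.

Added example, not from the original slides. SAMPLE_PACKETS is a constructed
capture summary: (time in seconds, src, dst, src port, dst port, TCP flags as
seen by a network sensor). Scanner 10.10.1.77, client 10.10.1.20 and target
10.10.1.10 are invented addresses.
"""
from collections import defaultdict

# Flags: S = SYN, A = ACK, R = RST; "SA" is SYN/ACK, "RA" is RST/ACK.
SAMPLE_PACKETS = [
    # Half-open SYN scan of ports 21-24: SYN in, SYN/ACK or RST/ACK back,
    # the scanner never completes the handshake.
    (0.00, "10.10.1.77", "10.10.1.10", 40001, 21, "S"),
    (0.01, "10.10.1.10", "10.10.1.77", 21, 40001, "SA"),
    (0.02, "10.10.1.77", "10.10.1.10", 40002, 22, "S"),
    (0.02, "10.10.1.10", "10.10.1.77", 22, 40002, "SA"),
    (0.03, "10.10.1.77", "10.10.1.10", 40003, 23, "S"),
    (0.03, "10.10.1.10", "10.10.1.77", 23, 40003, "RA"),   # port closed
    (0.04, "10.10.1.77", "10.10.1.10", 40004, 24, "S"),
    (0.04, "10.10.1.10", "10.10.1.77", 24, 40004, "RA"),   # port closed
    # Connect scan of port 80: full handshake, then the scanner resets.
    (0.05, "10.10.1.77", "10.10.1.10", 40005, 80, "S"),
    (0.05, "10.10.1.10", "10.10.1.77", 80, 40005, "SA"),
    (0.06, "10.10.1.77", "10.10.1.10", 40005, 80, "A"),
    (0.06, "10.10.1.77", "10.10.1.10", 40005, 80, "R"),
    # Bare ACK probe of port 443: the host answers RST, no connection exists.
    (0.07, "10.10.1.77", "10.10.1.10", 40006, 443, "A"),
    (0.07, "10.10.1.10", "10.10.1.77", 443, 40006, "R"),
    # Legitimate client: a single complete connection to port 80.
    (5.00, "10.10.1.20", "10.10.1.10", 51000, 80, "S"),
    (5.01, "10.10.1.10", "10.10.1.20", 80, 51000, "SA"),
    (5.01, "10.10.1.20", "10.10.1.10", 51000, 80, "A"),
]


def classify_flows(packets):
    """Map each client-initiated flow (src, dst, sport, dport) to its kind:
    'syn'     - SYN seen, handshake never completed by the client (half-open)
    'connect' - client sent the final ACK of the handshake
    'ack'     - first client packet was a bare ACK (ACK probe)
    Server replies are recognised by their reversed 4-tuple and ignored."""
    flows = {}
    # Stable sort by time keeps the capture order for packets with equal timestamps.
    for _, src, dst, sport, dport, flags in sorted(packets, key=lambda p: p[0]):
        key = (src, dst, sport, dport)
        if key not in flows:
            if (dst, src, dport, sport) in flows:
                continue                       # reply direction of a known flow
            flows[key] = "syn" if "S" in flags else "ack"
        elif flows[key] == "syn" and "A" in flags and "S" not in flags:
            flows[key] = "connect"             # client finished the 3-way handshake
    return flows


def detect_scans(packets, min_ports=4, window=1.0):
    """Return one alert per (src, dst) pair that touched at least min_ports
    distinct destination ports within any window of `window` seconds. Each
    alert lists the ports and how many probes were of each kind."""
    flows = classify_flows(packets)
    first_seen = {}
    for t, src, dst, sport, dport, _ in packets:
        key = (src, dst, sport, dport)
        if key in flows and key not in first_seen:
            first_seen[key] = t
    by_pair = defaultdict(list)                # (src, dst) -> [(t, dport, kind)]
    for key, kind in flows.items():
        src, dst, _, dport = key
        by_pair[(src, dst)].append((first_seen[key], dport, kind))
    alerts = []
    for (src, dst), probes in by_pair.items():
        probes.sort()
        for start, _, _ in probes:             # slide a window over probe start times
            in_window = [p for p in probes if start <= p[0] <= start + window]
            ports = {p[1] for p in in_window}
            if len(ports) >= min_ports:
                kinds = {k: sum(1 for p in in_window if p[2] == k)
                         for k in ("syn", "connect", "ack")}
                alerts.append({"src": src, "dst": dst,
                               "ports": sorted(ports), "kinds": kinds})
                break                          # one alert per pair is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_PACKETS):
        print(alert)
```

The legitimate client produces no alert because it touches a single port, while the scanner trips the threshold within a fraction of a second; the per-kind counts are what tell a responder whether the application logs on the target will contain anything (only the connect probe completed a handshake).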

Scanning: Version and OS Detection
Version detection:
    nmap -sV 10.10.1.10    # Enables service versioning
OS detection:
    nmap -O 10.10.1.10    # Enables OS detection
    nmap -O --osscan-guess 10.10.1.10    # Guess more aggressively when no exact match
    nmap -O --fuzzy 10.10.1.10    # Alias of --osscan-guess

Pentest admin
Signed agreement: the “get out of jail free card.”
    Never send any electrons to the target network without one.
    Scope: range of IPs, type of tests, etc.
    Damage control
    Indemnification
In-house vs. Outsourced
    Trust? Can a sysadmin reasonably pentest their own network?