Penetration Testing
Module 20

Ethical Hacking and Countermeasures v8
Module 20: Penetration Testing
Exam 312-50 Certified Ethical Hacker

Engineered by Hackers. Presented by Professionals.

Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Security News
October 02, 2012
City of Tulsa Cyber Attack Was Penetration Test, Not Hack
Source: http://www.esecurityplanet.com

The City of Tulsa, Oklahoma last week began notifying residents that their personal data may have been accessed, but it now turns out that the attack was a penetration test by a company the city had hired.

"City officials didn't realize that the apparent breach was caused by the security firm, Utah-based SecurityMetrics, until after 90,000 letters had been sent to people who had applied for city jobs or made crime reports online over the past decade, warning them that their personal identification information might have been accessed," writes Tulsa World's Brian Barber. "The mailing cost the city $20,000, officials said."

"An additional $25,000 was spent on security consulting services to add protection measures to the website," FOX23 News reports.

"The third-party consultant had been hired to perform an assessment of the city's network for vulnerabilities," write NewsOn6.com's Dee Duren and Lacie Lowry. "The firm used an unfamiliar testing procedure that caused the City to believe its website had been compromised. 'We had to treat this like a cyber-attack because every indication initially pointed to an attack,' said City Manager Jim Twombly."

"The chief information officer who failed to determine that the hack was actually part of a penetration test has been placed on administrative leave with pay," writes Softpedia's Eduard Kovacs. "In the meantime, his position will be filled by Tulsa Police Department Captain Jonathan Brook."
Copyright 2012 QuinStreet Inc
By Jeff Goldman
http://www.esecurityplanet.com/network-security/city-of-tulsa-cyber-attack-was-penetration-test-not-hack.html

Module Objectives

All the modules discussed so far concentrated on penetration testing techniques specific to the respective element (web application, etc.), mechanism (IDS, firewall, etc.), or phase (reconnaissance, scanning, etc.). This module summarizes all the penetration tests. It helps you evaluate the security of an organization and guides you in making your network or system more secure with its countermeasures.

This module will familiarize you with:
- Security Assessments
- Vulnerability Assessments
- Penetration Testing
- What Should be Tested?
- ROI on Penetration Testing
- Types of Penetration Testing
- Common Penetration Testing Techniques
- Pre-attack Phase
- Attack Phase
- Post-attack Phase
- Penetration Testing Deliverable Templates
- Pen Testing Roadmap
- Web Application Testing
- Outsourcing Penetration Testing Services
Module Flow

For a better understanding of penetration testing, this module is divided into several sections. Let's begin with penetration testing concepts.

- Pen Testing Concepts
- Types of Pen Testing
- Pen Testing Techniques
- Pen Testing Phases
- Pen Testing Roadmap
- Outsourcing Pen Testing Services

This section starts with the basic concepts of penetration testing. In this section, you will learn the role of penetration testing in security assessment and why vulnerability assessment alone is not enough to detect and remove vulnerabilities in the network. Later in this section, you will examine why penetration testing is necessary, how to perform a good penetration test, how to determine testing points and testing locations, and so on.
Security Assessments

Every organization uses different types of security assessments to validate the level of security on its network resources. Organizations need to choose the assessment method that best suits the requirements of their situation. People conducting different types of security assessments must possess different skills. Therefore, pen testers, whether they are employees or outsourced security experts, must have thorough experience in penetration testing. Security assessment categories include security audits, vulnerability assessments, and penetration testing or ethical hacking.

Security Assessment Categories

Security assessments are broadly divided into three categories:

1. Security Audits: IT security audits typically focus on the people and processes used to design, implement, and manage security on a network. There is a baseline involved for processes and policies within an organization. In an IT security audit, the auditor and the organization's security policies and procedures use this specific baseline to audit the organization. IT management usually initiates IT security audits. The National Institute of Standards and Technology (NIST) has an IT security audit manual and associated toolset to conduct the audit; the NIST Automated Security Self-Evaluation Tool (ASSET) can be downloaded at http://csrc.nist.gov/asset/. The technical assessment of a computer system or application in a security audit is done manually or automatically.

You can perform a manual assessment by using the following techniques:
- Interviewing the staff
- Reviewing application and operating system access controls
- Analyzing physical access to the systems
You can perform an automatic assessment by using the following techniques:
- Generating audit reports
- Monitoring and reporting the changes in the files

2. Vulnerability Assessments: A vulnerability assessment helps you identify security vulnerabilities. To perform a vulnerability assessment, you should be a very skilled professional. Through proper assessment, threats from hackers (outsiders), former employees, internal employees, etc. can be determined.

3. Penetration Testing: Penetration testing is the act of testing an organization's security by simulating the actions of an attacker. It helps you determine various levels of vulnerabilities and to what extent an external attacker can damage the network, before it actually occurs.

Security Audit

A security audit is a systematic, measurable technical assessment of how the security policy is employed by the organization. A security audit is conducted to maintain the security level of the particular organization. It helps you identify attacks that pose a threat to the network or attacks against resources that are considered valuable in risk assessment. The security auditor is responsible for conducting security audits on the particular organization. The security auditor works with full knowledge of the organization, at times with considerable inside information, in order to understand the resources to be audited.

- A security audit is a systematic evaluation of an organization's compliance to a set of established information security criteria.
- The security audit includes assessment of a system's software and hardware configuration, physical security measures, data handling processes, and user practices against a checklist of standard policies and procedures.
- A security audit ensures that an organization has and deploys a set of standard information security policies.
- It is generally used to achieve and demonstrate compliance to legal and regulatory requirements such as HIPAA, SOX, PCI-DSS, etc.

Vulnerability Assessment

A vulnerability assessment is a basic type of security assessment. This assessment helps you find known security weaknesses by scanning a network. With the help of vulnerability-scanning tools, you can search network segments for IP-enabled devices and enumerate systems, operating systems, and applications. Vulnerability scanners are capable of identifying device configurations including the OS version running on computers or devices, IP protocols and Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports that are listening, and applications that are installed on computers.
By using vulnerability scanners, you can also identify common security mistakes such as accounts that have weak passwords, files and folders with weak permissions, default services and applications that might need to be uninstalled, and mistakes in the security configuration of common applications. They can search for computers exposed to known or publicly reported vulnerabilities. The software packages that perform vulnerability scanning scan the computer against the Common Vulnerabilities and Exposures (CVE) index and security bulletins provided by the software vendor. The CVE is a vendor-neutral listing of reported security vulnerabilities in major operating systems and applications and is maintained at http://cve.mitre.org/.

Vulnerability scanners can test systems and network devices for exposure to common attacks. This includes common attacks such as the enumeration of security-related information and denial-of-service attacks. However, it must be noted that vulnerability scanning reports can [...]

... exploitation of the vulnerability

Penetration testing is a methodological approach to security assessment that encompasses the security audit and vulnerability assessment and demonstrates if the vulnerabilities in a system can be successfully exploited by attackers.

TABLE 20.1: Comparison between Security Audit, Vulnerability Assessment, and Penetration Testing
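Added example (not part of the original courseware): a small automatic check that does the "monitoring and reporting the changes in the files" listed under Security Audits and also flags the weak file permissions that the Vulnerability Assessment section says scanners report. The function names, the sample file tree, the use of SHA-256, and treating "world-writable" as the weak-permission test are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to (SHA-256 digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            state[os.path.relpath(path, root)] = (digest, mode)
    return state


def audit(baseline, current):
    """Compare two snapshots; return a list of (finding, path) ordered by path."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append(("removed", path))
            continue
        digest, mode = current[path]
        if path not in baseline:
            findings.append(("added", path))
        elif baseline[path][0] != digest:
            findings.append(("modified", path))
        # Assumption for this example: "weak permission" = world-writable bit set.
        if mode & stat.S_IWOTH:
            findings.append(("world-writable", path))
    return findings


def demo():
    """Build a constructed sample tree, change it, and return the audit findings."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text, mode=0o644):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)  # explicit, so the result ignores the umask

        write("app.conf", "debug=false\n")
        write("users.db", "alice\n")
        write("old.log", "boot\n")
        baseline = snapshot(root)                  # the audit baseline

        write("app.conf", "debug=true\n")          # content changed
        write("upload.tmp", "x", mode=0o666)       # new file, weak permissions
        os.remove(os.path.join(root, "old.log"))   # file deleted
        return audit(baseline, snapshot(root))


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:15} {path}")
```

In a real audit the baseline snapshot would be stored somewhere the audited system cannot modify, so that a change to the files cannot also rewrite the record it is compared against.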
...anning, registrar queries, and so on

Penetration Testing
Penetration testing that is not completed professionally can result in...

...sting
- Unannounced testing

External Penetration Testing
External penetration testing involves a comprehensive analysis of...

...ed testing, and manual testing

Types of Penetration
External Testing
External testing involves analysis of publicly available...

... law enforcement organizations

Automated Testing
Automated testing can result in time and cost savings over...
...ether employees routinely allow people without identification to enter company facilities and where th...

...esult in committing computer crime, despite the best intentions

Why Penetration
- Identify the threats...

...ation-level security issues to development teams and management
- It provides a comprehensive approac...

...isting infrastructure of software, hardware, or network design

Comparing Security Audit, Vulnerability A...
...ment

Examples of vulnerability scanners include Nessus and Retina

Introduction to Penetration Test