Objective: Test a network’s defenses by simulating the techniques used by external intruders.
Techniques:
- Scanning and Probing: Use of port scanners to identify open ports.
- Demon Dialing: War dialing to find modems connected to the network.
- Sniffing: Capturing and analyzing data packets.
- Dumpster Diving: Searching paper disposal areas for sensitive information.
- Social Engineering: The most common method; obtaining information by manipulating people.
Penetration Testing Types:
- Blue Team:
  - Internal team with knowledge of the organization.
  - Can be performed frequently.
  - Least expensive.
- Red Team:
  - External team acting as stealthy attackers.
- White Box Testing:
  - The ethical hacker has full knowledge, including access to the codebase.
  - Views the system as a developer would.
- Grey Box Testing:
  - The ethical hacker has partial knowledge of the system.
  - Acts as a user with some understanding of the system.
- Black Box Testing:
  - The ethical hacker has no prior knowledge of the system.
  - Approaches the system as an external intruder would.
Stages of Penetration Testing:
- Planning: Define the scope and goals.
- Discovery: Gather information and identify vulnerabilities.
- Attack: Exploit vulnerabilities to gain access.
- Reporting: Document findings and suggest remediation.
Vulnerabilities Exploited:
- Kernel Flaws
- Buffer Overflows
- Symbolic Links
- File Descriptor Attacks
Penetration Testing Models:
- Footprinting: Gathering information about the network.
- Port Scanning: Identifying open ports.
- Vulnerability Mapping: Identifying vulnerabilities.
- Exploitation: Taking advantage of identified vulnerabilities.
- Reporting: Documenting the findings.
Methodologies:
- Flaw Hypotheses Methodology: Often used in operating system penetration testing.
- Egregious Hole: If a severe vulnerability is found, it must be reported immediately.
Strategies:
- External Testing: Simulating attacks from outside the organization.
- Internal Testing: Simulating an attack from within the organization.
- Blind Testing: The tester has no prior knowledge of the system.
- Double-Blind Testing: Both the testers and defenders are unaware of the test.
Categories of Tests:
- Zero Knowledge: No prior information is available to the tester.
- Partial Knowledge: Some information is provided.
- Full Knowledge: The tester has complete information about the system.