Ethical hacking and penetration testing are common terms that have been popular in the information security environment for a long time. The increase in cybercrime and hacking over the last decade has created a great challenge for security experts, analysts and regulations. It is a popular war between hackers and security professionals. The fundamental challenge for these security experts is finding weaknesses and deficiencies in running and upcoming systems, applications and software, and addressing them proactively. It is less costly to investigate proactively before an attack than to investigate after falling victim to an attack, or while dealing with one. For security, prevention and protection, organizations have their own internal penetration testing teams as well as contracted outside professional experts, called in when and if they are needed depending on the severity and scope of the attack.
Penetration Testing
In the ethical hacking environment, the most common term that often arises is pentester. Pentesters are penetration testers who have permission from the owner to hack a system. Penetration testing is the process of hacking a system with the permission of the owner of that system, in order to evaluate its security. Related terms are hack value, target of evaluation (TOE), attack, exploit, zero-day vulnerability and other components such as threats, vulnerabilities, and daisy chaining.
Why Penetration Testing
1) Identify the threats facing an organization's information assets.
2) Reduce an organization's expenditure on IT security and enhance Return On
Security Investment (ROSI) by identifying and remediating vulnerabilities or weaknesses.
3) Provide assurance with comprehensive assessment of organization's security including policy, procedure, design, and implementation.
4) Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.).
5) Adopt best practices in compliance to legal and industry regulations.
6) For testing and validating the efficiency of security protections and controls.
7) For changing or upgrading the existing infrastructure of software, hardware, or network design.
8) Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management.
9) Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation.
10) Evaluate the efficiency of network security devices such as firewalls, routers, and web servers.
Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
1) Security Audit: A security audit only checks whether the organization is following a set of standard security policies and procedures.
2) Vulnerability Assessment: A vulnerability assessment focuses on discovering the vulnerabilities in the information system, but gives no indication of whether the vulnerabilities can be exploited or of the amount of damage that may result from their successful exploitation.
3) Penetration Testing: Penetration testing is a methodological approach to security assessment that encompasses the security audit and the vulnerability assessment, and demonstrates whether the vulnerabilities in the system can be successfully exploited by attackers.
Blue Teaming/Red Teaming
Blue Teaming
1) An approach where a set of security responders performs analysis of an information system to assess the adequacy and efficiency of its security controls.
2) Blue team has access to all the organizational resources and information.
3) Primary role is to detect and mitigate red team (attackers) activities, and to anticipate how surprise attacks might occur.
Red Teaming
1) An approach where a team of ethical hackers performs penetration test on an information system with no or a very limited access to the organization's internal resources.
2) It may be conducted with or without warning.
3) It is intended to detect network and system vulnerabilities and to check security from an attacker's perspective, approaching network, system, or information access the way an attacker would.
Types of Penetration Testing
1) Black-box: No prior knowledge of the infrastructure to be tested.
*) Blind Testing
*) Double Blind Testing
2) White-box: Complete knowledge of the infrastructure that needs to be tested.
3) Grey-box: Limited knowledge of the infrastructure that needs to be tested.
There are two ways to perform the above penetration tests:
*) Announced Testing
*) Unannounced Testing:
*) Monitor
*) Response
*) Escalation
Phases of Penetration Testing
1) Pre-Attack Phase:
*) Planning and preparation
*) Methodology design => Rules of Engagement (RoE) / Rules of Behavior (RoB)
*) Network information gathering
2) Attack Phase:
*) Penetrating perimeter
*) Acquiring target
*) Escalating privileges
*) Execution, implantation, retracting
3) Post-Attack Phase:
*) Reporting
*) Clean-up
*) Artifact destruction
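The pre-attack phase hinges on the Rules of Engagement: nothing in the attack phase should touch a host, or run at a time, that the RoE does not authorise. The following Python is an added example and is not code from the original post or from EC-Council's CEH material. It assumes a small hypothetical RoE format (in-scope CIDR ranges, explicitly excluded hosts, a UTC testing window, an announced/unannounced flag), built here from constructed RFC 5737 documentation addresses, and refuses any candidate target that falls outside that scope or outside the agreed window.

```python
import ipaddress
from datetime import datetime, time, timezone

# Constructed sample RoE: hypothetical values for illustration only, using
# RFC 5737 documentation ranges so nothing here points at a real host.
SAMPLE_ROE = {
    "in_scope": ["192.0.2.0/24", "198.51.100.10/32"],  # authorised ranges
    "excluded": ["192.0.2.1", "192.0.2.254"],          # carve-outs (e.g. gateways)
    "window_utc": ("22:00", "06:00"),                  # overnight window, crosses midnight
    "announced": True,                                 # the blue team has been told
}


def parse_roe(roe):
    """Turn the RoE dict into networks, an excluded-address set and a time window."""
    nets = [ipaddress.ip_network(n, strict=False) for n in roe["in_scope"]]
    excluded = {ipaddress.ip_address(h) for h in roe["excluded"]}
    start, end = (time.fromisoformat(t) for t in roe["window_utc"])
    return nets, excluded, start, end


def in_window(now_t, start, end):
    """True if now_t lies in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now_t < end
    return now_t >= start or now_t < end


def check_target(roe, target, now_utc=None):
    """Return (allowed, reason) for a candidate target.

    now_utc is an "HH:MM" string in UTC; when omitted the current UTC time is used.
    Hostnames are rejected on purpose: resolve them first, then re-check the
    resulting address, so a DNS change cannot pull an out-of-scope host into the test.
    """
    nets, excluded, start, end = parse_roe(roe)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False, f"{target!r} is not an IP address; resolve it and re-check the address"
    if addr in excluded:
        return False, f"{addr} is explicitly excluded by the RoE"
    if not any(addr in net for net in nets):
        return False, f"{addr} is outside every in-scope range"
    now_t = time.fromisoformat(now_utc) if now_utc else datetime.now(timezone.utc).time()
    if not in_window(now_t, start, end):
        return False, f"{now_t:%H:%M} UTC is outside the agreed testing window"
    return True, f"{addr} is in scope and the testing window is open"


if __name__ == "__main__":
    # Constructed candidates: in scope, excluded, out of scope, wrong time, hostname.
    for target, when in [("192.0.2.50", "23:30"), ("192.0.2.1", "23:30"),
                         ("203.0.113.9", "23:30"), ("192.0.2.50", "12:00"),
                         ("www.example.test", "23:30")]:
        allowed, reason = check_target(SAMPLE_ROE, target, when)
        print("ALLOW " if allowed else "REFUSE", target, "-", reason)
```

In practice a check like this sits in front of whatever launches scans or exploitation attempts, so that the attack phase cannot drift past the scope agreed in the planning phase, and its refusals are worth logging as part of the post-attack reporting.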
Security Testing Methodology
There are several methodologies that can be adopted for security or penetration testing. The industry-leading penetration testing methodologies are:
1) Open Web Application Security Project (OWASP)
2) Open Source Security Testing Methodology Manual (OSSTMM)
3) Information Systems Security Assessment Framework (ISSAF)
4) EC-Council Licensed Penetration Tester (LPT) Methodology
I hope you liked this post; if so, don't forget to share it.
Thank you so much :-)