Penetration testing

Technical workshop about Penetration Testing for BPPT

Published in: Technology

  1. SECURITY PENETRATION TESTING. INFORMATION SECURITY TECHNICAL TRAINING. AHMAD MUAMMAR (C) 2011 | @Y3DIPS
  2. AGENDA: SECURITY ASSESSMENT; VULNERABILITY ASSESSMENT; SECURITY AUDIT; PENETRATION TESTING; VA VS. PENTEST; PENTEST VS. SYSTEM AUDIT
  3. AGENDA: PENETRATION TESTING (TYPE, SCOPE (AREA), LIMITATIONS); PENETRATION TESTING METHODOLOGIES (WELL KNOWN STANDARD)
  4. SECURITY ASSESSMENT: IS A WAY TO VALIDATE/CHECK THE LEVEL OF SECURITY ON EVERY ASPECT OF IT INFRASTRUCTURE. ALSO TO ENSURE THAT NECESSARY SECURITY CONTROLS ARE INTEGRATED INTO THE DESIGN AND IMPLEMENTATION. TO PREPARE FOR BETTER ENHANCEMENT.
  5. SECURITY ASSESSMENT - VULNERABILITY ASSESSMENT: A VULNERABILITY ASSESSMENT IS USUALLY CARRIED OUT BY A SECURITY VULNERABILITY SCANNER APPLICATION. MOST OF THE PRODUCTS TEST THE TYPE OF OPERATING SYSTEM, APPLICATION, PATCH LEVEL, USER ACCOUNTS AND SO ON. VULNERABILITY SCANNERS IDENTIFY COMMON SECURITY CONFIGURATION MISTAKES AND COMMON ATTACK
  6. SECURITY ASSESSMENT - SECURITY AUDIT: MOST PARTS ARE CHECKLIST-BASED (CORPORATE SECURITY POLICIES OR REGULATION STANDARDS (ISO) OR PBI). IMPORTANT FOR COMPLYING WITH SECURITY POLICIES, LEGISLATION AND STANDARDS. E.G.: ARE THERE ANY BACKUPS? ANTIVIRUS?
  7. SECURITY ASSESSMENT - PENETRATION TESTING: IS WHEN A “HACKER” DOES THE ATTACKER'S WORK. THE ONLY GOAL IS TO GET AS MUCH AS POSSIBLE AND AS DEEP AS POSSIBLE TO BREAK INTO THE SYSTEM.
  8. VA VS. PENTEST: VULNERABILITY ASSESSMENT IDENTIFIES THE “POSSIBLE” VULNERABILITIES (ALSO FALSE POSITIVES). PENETRATION TESTING VALIDATES THE VULNERABILITY.
  9. PENTEST VS. SECURITY AUDITS: SECURITY AUDITS ARE IMPORTANT FOR COMPLYING WITH SECURITY POLICIES, LEGISLATION AND STANDARDS. PENTESTS COMPLEMENT SYSTEM AUDITS AND HELP TO FIX A SECURITY THREAT BEFORE AN ATTACKER DISCOVERS IT.
  10. PENETRATION TESTING: CHECK WHAT SENSITIVE INFORMATION IS AVAILABLE; CHECK WHAT KIND OF PRIVILEGES THE PENTESTER GAINS; CHECK IF IT IS POSSIBLE TO ESCALATE PRIVILEGES; CHECK IF A VULNERABILITY CAN LEAD TO MORE EXPLOITS (ANOTHER APPLICATION, SYSTEM, OR SERVER).
  11. PENETRATION TESTING - TYPES OF PENETRATION TESTING: BLACK BOX: ZERO INFORMATION ABOUT THE SYSTEM, MAYBE ONLY THE IP/DOMAIN NAME; FULL ATTACKER PERSPECTIVE. GRAY BOX: PARTIAL INFORMATION ABOUT A SYSTEM; SIMULATES AN ATTACK BY AN EMPLOYEE OR VENDOR. WHITE BOX: SIGNIFICANT INFORMATION ABOUT A SYSTEM; SOURCE CODE/CONFIGURATION REVIEW.
  12. PENETRATION TESTING: NETWORK INFRASTRUCTURE PENTEST (WIFI, VOIP, TELEPHONE); APPLICATION INFRASTRUCTURE PENTEST (WEB, MOBILE); SYSTEM INFRASTRUCTURE PENTEST; PHYSICAL SECURITY; SOCIAL ENGINEERING (PEOPLE)
  13. PENETRATION TESTING - MOST LIMITATIONS: TIME; SKILLED; ACCESS TO EQUIPMENT
  14. PENETRATION TESTING - METHODOLOGY: A GUIDELINE FOR SOLVING A PROBLEM, WITH SPECIFIC COMPONENTS SUCH AS PHASES, TASKS, METHODS, TECHNIQUES AND TOOLS
  15. PENETRATION TESTING - WELL KNOWN STANDARD
  16. PENETRATION TESTING. SOURCE: ISSAF
  17. PENETRATION TESTING - INFORMATION GATHERING: USING ALL RESOURCES (INTERNET) TO FIND ALL THE INFORMATION ABOUT THE TARGET, USING TECHNICAL AND NON-TECHNICAL METHODS. SOURCE: ISSAF
  18. INFORMATION GATHERING - NON-TECHNICAL: SEARCH COMPANY INFO ON SOCIAL NETWORKS: LINKEDIN.COM, FACEBOOK; SEARCH KEY PERSONNEL ACTIVITY: ADMINISTRATOR, PROGRAMMER; GOOGLE HACKING
  19. HANDS ON: INFORMATION GATHERING VIA SOCIAL NETWORK; INFORMATION GATHERING VIA GOOGLE HACKING
  20. INFORMATION GATHERING - TECHNICAL: USING DIG, NSLOOKUP, WHOIS TO FIND INFORMATION
  21. HANDS ON: INFORMATION GATHERING USING DIG; INFORMATION GATHERING USING WHOIS
  22. PENETRATION TESTING - NETWORK MAPPING: FOOTPRINT THE NETWORK AND RESOURCES ALREADY GATHERED DURING INFORMATION GATHERING. E.G.: FIND LIVE HOSTS, PORTS AND SERVICES, NETWORK PERIMETER, OS AND SERVICE FINGERPRINTING. SOURCE: ISSAF
  23. NETWORK MAPPING - TOOLS: NMAP, TRACEROUTE, PING. TRYING OUT NMAP, TRACEROUTE. SOURCE: ISSAF
  24. HANDS ON
  25. HANDS ON
  26. PENETRATION TESTING - VULNERABILITY IDENTIFICATION: IDENTIFY ALL SERVICE VULNERABILITIES (BASED ON VERSION/BANNER), USING VULNERABILITY SCANS; IDENTIFY ATTACK PATHS. TOOLS: NMAP, NESSUS. SOURCE: ISSAF
  27. HANDS ON: NMAP -sV (DETECT OPEN PORTS WITH SERVICE INFO (VERSION)); NMAP -O (DETECT POSSIBLE OS)
  28. PENETRATION TESTING - PENETRATION: TRY TO GAIN UNAUTHORIZED ACCESS BY CIRCUMVENTING THE SECURITY MEASURES TO GET ACCESS. E.G.: FIND POC, CREATE TOOLS, TESTING. SOURCE: ISSAF
  29. PENETRATION TESTING - GAINING ACCESS AND PRIVILEGES: GAINING LEAST PRIVILEGE BY DEFAULT USER OR PASSWORD, DEFAULT SETTINGS, PUBLIC SERVICES; TRY TO ESCALATE PRIVILEGES TO SUPERIOR LEVEL (ADMINISTRATOR/ROOT) USING/CREATING EXPLOIT OR METASPLOIT (FREE), IMMUNITY CANVAS, CORE IMPACT. SOURCE: ISSAF
  30. HANDS ON: USING METASPLOIT; USING LOCAL EXPLOIT TO GAIN HIGHER LEVEL PRIVILEGES
  31. PENETRATION TESTING - ENUMERATING FURTHER: OBTAIN PASSWORDS (PASSWORD FILE (/etc/shadow, SAM), USER DATABASE), SNIFFING NETWORK, MAPPING INTERNAL NETWORK. SOURCE: ISSAF
  32. HANDS ON: CRACKING PASSWORD FILE
  33. PENETRATION TESTING - COMPROMISE REMOTE USERS/SITES: (IF POSSIBLE) TRY TO COMPROMISE REMOTE USERS (VPN USERS) TO GET PRIVILEGE TO INTERNAL NETWORK. SOURCE: ISSAF
  34. PENETRATION TESTING - MAINTAINING ACCESS: OFTEN NOT PERFORMED. COVERING TRACKS: OFTEN NOT PERFORMED. SOURCE: ISSAF
  35. PENETRATION TESTING: VALUE IS IN THE REPORT; PENETRATION TESTING SERVICE LEVEL AGREEMENT; NON-DISCLOSURE AGREEMENT; THERE IS ALWAYS A RISK, E.G.: SYSTEM DOWN/CRASH DURING PENTEST, NETWORK SLOWDOWN
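
Slides 26 and 27 describe identifying candidate vulnerabilities from the version banner that `nmap -sV` reports. The following is an added example, not part of the original slides: it parses constructed grepable output (`-oG`) and checks each open service against a hypothetical internal baseline (`BASELINE`, the hosts and the banners are all assumptions); results are only "possible" vulnerabilities in the sense of slide 8, because a banner does not show backported patches.

```python
import re

# Constructed sample of `nmap -sV -oG -` output (documentation addresses, not real hosts).
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web01.example.test)\tStatus: Up
Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.2.15 ((CentOS))/, 3306/filtered/tcp//mysql///
Host: 192.0.2.20 (db01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, 23/open/tcp//telnet//Linux telnetd/\tIgnored State: closed (998)
"""

# Hypothetical internal baseline: service name -> minimum approved (major, minor) version.
# None means the service must not be exposed at all.
BASELINE = {"ssh": (7, 4), "http": (2, 4), "telnet": None}
VERSION_RE = re.compile(r"(\d+)\.(\d+)")

def parse_grepable(text):
    """Yield (host, port, service, banner) for every open port."""
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next(f for f in fields if f.startswith("Ports: "))[len("Ports: "):]
        for entry in ports.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.split("/")
            if len(parts) >= 7 and parts[1] == "open":
                yield host, int(parts[0]), parts[4], parts[6]

def review(text, baseline=BASELINE):
    """Return candidate findings that still need manual validation."""
    findings = []
    for host, port, service, banner in parse_grepable(text):
        if service not in baseline:
            continue
        minimum = baseline[service]
        match = VERSION_RE.search(banner)
        if minimum is None:
            findings.append((host, port, service, "service not allowed"))
        elif match is None:
            findings.append((host, port, service, "no version in banner"))
        elif (int(match.group(1)), int(match.group(2))) < minimum:
            findings.append((host, port, service, f"{banner} below {minimum[0]}.{minimum[1]}"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_GREPABLE):
        print(*finding, sep="  ")
```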