Conducting a Penetration Test on an Organization

Submitted By monicassantos
Words 5638
Pages 23
SANS Institute
InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

This document is intended to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.

Copyright SANS Institute
Author Retains Full Rights

TABLE OF CONTENTS

Abstract
What is a Penetration Test?
The Process and Methodology
Planning and Preparation
Information Gathering and Analysis
Vulnerability Detection
Penetration Attempt
Analysis and Reporting
Cleaning Up
Limitation of Penetration Testing
Conclusion
Appendix A: Netcraft (www.netcraft.com) results on www.sans.org
Appendix B: Penetration Testing Tools
Bibliography

DETAILS

Full name: Chan Tuck Wai
GIAC userID: twchan001
Course: Security Essentials
Version: First (Original Submission)
Conference Location: Malaysia

© SANS Institute 2002, as part of the Information Security Reading Room.

Abstract
This document is intended to give readers an outlook on how a penetration test can be successfully done on an…...

Similar Documents

Market Penetration

...Description Page No. 1 Executive summary 5 2 Objective of Research 7 3 About the Amul Ice-Cream 9 Industry profile 11 Company profile 13 Description of Amul Ice-Cream 25 4 Market penetration 37 5 Research Methodology 52 6 Competitors Shares 57 7 Finding & Swot Analysis 63 8 Regression Analysis 71 9 Conclusion 75 10 Recommendation 77 11 Bibliography 83 12 ......

Words: 1982 - Pages: 8

Penetration Test Plan

...Malcolm Testing Solution’s Penetration Test Plan Customer: The Fitness Club Introduction: The Fitness Club has already been victim to hacking that took place on their web server. They are unsure if this occurred due to a former administrator who quit or if by an external party. Malcolm Testing Solutions has been tasked with creating a penetration test plan to prevent further acts of attack on the Fitness Club’s network. The objective of the assessment is to provide feedback to The Fitness Club with respect to its ability to preserve the confidentiality, Integrity, and availability of the information maintained by and used by its origination. Malcolm Testing Solutions will test the use of security controls used to secure sensitive data. Services Overview: This project shall include 1 consultant for a time period of 2 days onsite at a single customer location to provide internal penetration test services. Malcolm Testing Solutions will provide tools, knowledge and expertise to execute an internal penetration test on customer designated devices. Malcolm Testing Solutions will attempt to compromise the access controls on designated systems by employing the following methodology: 1. Enumeration – Once Malcolm Testing Solutions has arrived for The Fitness Club’s assessment they will connect to the network via the data port provided by the customer. Once connected, Malcolm Testing Solutions will run a variety of information gathering tools in order to enumerate computers and......

Words: 566 - Pages: 3

Test

...attack the targeted systems, what can you do as an initial first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan? Collect as much information as possible through analysis. You must have all the needed data you can acquire regarding the system, network and applications. This information will be used to generate an appropriate test plan. Using NMAP can provide you with a good network survey. NMAP can provide you information regarding what Operating Systems are running as well as the type of packets, filters and/or firewalls are installed. Review old test results and reports that have been kept with all issues that have plagued the network; this will show you any previous vulnerabilities and allow you to check if a fix was implemented. 3. What applications and tools can be used to perform this initial reconnaissance and probing step? NMAP is a tool that will allow you to collect OS information as well as packets, filters and firewall information. Nslookup will allow you to map an IP to a specified domain. The Domain Name Server (DNS) will give you information on a specific domain that is used to communicate with the network. Whois will allow you to profile the organization; this will provide you with the physical address of the organization, the contact information regarding the Admins to include address, phone number and email address. Whois will also give you information regarding the NIC handle......

Words: 765 - Pages: 4

Vulnerability Assessment System Penetration and Analysis Testing

...Vulnerability Assessment System Penetration and Analysis Testing. Memo: Internal Penetration Testing Tool and Purchase. With the recent attack/hack on agency's network town police department authorities came to a decision to conduct a complete assessment on network vulnerabilities. The main goal of this memo is to assess or evaluate the network penetration tools available in the market. Compare the tools. Cost to buy and implement these tools internally. Hire a professional service to evaluate these tools. In this memo we will cover the internal implementation at high level. In the market there are many penetration tools like a. Nmap - Worlds Best Port Scanner b. Nessus - Vulnerability Scanner c. Metasploit - Exploit framework For testing Vulnerabilities I picked the above three mentioned tools which are widely used in many organizations and would be perfect for this scenario. The penetration tools that could be used to conduct a vulnerability analysis are; Nmap and Nessus which provide a number of penetration testing techniques such as port scanning, Credentialed and uncredentialed scans, enumeration,......

Words: 1156 - Pages: 5

Penetration

...Simple Proposal Format DISCLAIMER: This is a simple proposal format that can be used when no format is given by the funding agency. Please note: this format is not all-inclusive, as some sponsors may require other components. Organizational Background: This is the “Who” of your proposal. • Why you or your organization are qualified. • Should include brief history, accomplishments, qualifications, experience in types of projects for which you seek funds, etc. • See Sample – Organizational Overview – CNM Community College. Need: This is the “Why” of your proposal. • Based on RESEARCH – trends, data, census, newspaper articles, worldwide web, etc. • Community description, poverty, education and employment levels, other information that describes or relates to your target population and the objectives of your proposal. • Make sure the NEED relates to what you are going to DO. Avoid circular reasoning. • See “Resources for Gathering Data” list for gathering data based on research. • Keep track of sources. List source in parentheses behind information. Example: In the Pew Study for the States report entitled “Quality Counts 2007: From Cradle to Career: Connecting American Education From Birth to Adulthood,” New Mexico ranked last of the 50 states on a child’s “Chance-For-Success” index evaluating how well young people in each state are faring at key points in their development and education (Source: Editorial Projects’ Research Center, Education......

Words: 1071 - Pages: 5

Attack and Penetration Test Plan

...Attack and Penetration Test Plan Part 1: Table of Contents 2. Scope 3 .Goals and Objectives 4. Tasks 5. Reporting 6. Schedule 7. Unanswered Questions 8. Authorization Letter Part 2: Scope Production e-commerce Web application server and Cisco network. Located on ASA_Instructor, the e-commerce web application server is acting as an external point-of-entry into the network: • Ubuntu Linux 10.04 LTS Server (TargerUbuntu01) • Apache Web Server running the e-commerce Web application server • Credit Card transaction processing occurs The test will be intrusive, meaning specific security points will be passed. Part 3: Goals and Objectives • If security software is up to speed, and penetration is not possible, a positive result will be given. If security software is not what it should be, penetration will be easy and the results will be explained to you in a separate report. Part 4: Tasks • Determine website size • Determine code of the website Part 5: Reporting • Upon completion of the penetration test, all results found will be in a separate report written by the person whom is performing the test. Part 6: Schedule Phase One-Information Collection (2 days) 1. Client authorization letter 2. Further client information 3. Get IT infrastructure Phase Two-Test Plan Development (3 days) 1. Determine scope 2. Use IT infrastructure to gain further knowledge about what is to be penetrated 3. List things to be penetrated and things that are off limits Phase...

Words: 458 - Pages: 2

Penetration Testing

...Using penetration testing to enhance your company's security Based on the fundamental principle that prevention is better than cure, penetration testing (pen-testing) is essentially an information assurance activity to determine if information is appropriately secured. Conducted by penetration testers, sometimes referred to as ‘white hats’ or ethical hackers, these tests use the same tools and techniques as the bad guys (‘black hat hackers’), but do so in a controlled manner with the express permission of the target organization. Vulnerability scans versus pen-testing A common area of confusion is the relationship between vulnerability scanning (automated) and pen-testing (expert-driven manual testing). Both involve a proactive and concerted attempt to identify vulnerabilities that could expose the organization to a potential malevolent attack. Vulnerability scanners are great at identifying ‘low-hanging’ vulnerabilities, such as common configuration mistakes or unpatched systems that offer an easy target for attackers. What they are unable to determine is the context or nature of the asset or data at risk. They are also less able than humans to identify unknown-unknowns (things not already on the risk register, or which haven't been theorized by the organization as potential security issues). Good pen-testing teams, however, do this very well. For instance, pen-testers can give countless examples of engagements where an environment was previously scanned only for......

Words: 1752 - Pages: 8

Penetration Testing

...Penetration Test? 4 1. Client Penetration Test Request 5 1.2 Scope 5 1.3 Intrusive or Non-Intrusive 5 1.4 Compromise or Non Compromise 5 2. Goals and Objectives 6 3. Penetration testing Methodology 2.1 Penetration test plans 2.2 NIST penetration testing documentation 2.3 Web application penetration testing 2.4 E-commerce penetration testing 2.5 Network penetration testing 2.6 Common tools and applications for penetration testing 7 2.7 Black box testing, grey box testing, Black/grey box testing 2.8 Social engineering testing 7 3. Test Plan 15 3.1 Task 3.1 Reporting 3.1 Schedule 3.2 Limitation of Liability 3.3 End of Testing 3.1 Unanswered Questions 10 3.4 Signatures 8 3.1 Authorization Letter 8 4. Conclusion 11 5. Bibliography 11 Acronyms 22 Appendix A – Test Case Procedures 23 Abstract This document is a proposal with a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This proposal provides an understanding of penetration testing. It discusses the benefits, the strategies and the mythology of conducting penetration testing. The mythology of penetration testing includes three phases: test preparation, test and test analysis. Key Words: Security Testing, Vulnerability Assessment,......

Words: 1995 - Pages: 8

It Penetration Testing

...Institute Author Retains Full Rights This paper is from the SANS Penetration Testing site. Reposting is not permitted without express written permission. A Management Guide to Penetration Testing David A. Shinberg © SANS Institute 2003, as part of GIAC practical repository. Version 2.1a Practical Assignment SANS Hacker Techniques, Exploits, and Incident Handling (GCIH) Author retains full rights. Abstract Penetration tests are an excellent method for determining the strengths and weaknesses of a network consisting of computers and network devices. However, the process of performing a penetration test is complex, and without care can have disastrous effects on the systems being tested. This paper provides guidance, primarily focused around planning and management, on how to conduct a penetration test comprised of five phases – Preparation, Public Information, Planning, Execution and Analysis and Reporting. However, due to the technical and sometimes sensitive nature of penetration testing only a cursory overview how to compromise......

Words: 4111 - Pages: 17

What Is Penetration Testing?

...What is penetration testing? Penetration testing is a way of trying to exploit the weaknesses of an organization's security defenses. Penetration testing may come in many forms and test different types of liabilities. A few years ago people debated as to whether or not penetration testing was even needed. Now most people realize it is absolutely necessary. Although most people, when thinking of security breaches, think of network security in relation to hackers, there are many other security areas that must be tested. Some of these areas are physical security, telecommunications security, and environmental security. Other areas that may be tested are operating systems and applications, and social engineering. All of these areas are vital to the security of an organization. A breach in any of these systems may cause great detriment to the organization financially and a degradation of customer trust. Application and username/password weaknesses may be tested by using automated tools. These tools may also be used to find harmful software (virus, malware) which may lead to unlawful access to a company’s system. The best penetration tools supply the following options: 1. Easily deployed, configured and used 2. Scans systems easily 3. Distinguishes weaknesses based on severity 4. Verification of weakness automated 5. Test weakness previously found to make sure they are no longer viable 6. Able to produce logs and reports on the weakness of the system Not all......

Words: 1495 - Pages: 6

Sec 435 Week 10 Term Paper Penetration Testing Sec435 Week 10 Term Paper Penetration Testing

...trends of having a SIEM solution within a company. * http://workbank247.com/q/sec-435-complete-course-week-1-to-week-11/12288 SEC 435 Week 3 Discussion "Penetration Test Methods and Legal Consideration of Penetration Testing"  Please respond to the following: * Compare and contrast announced penetration testing and unannounced penetration testing. Speculate on whether or not there are instances where unannounced testing is preferred over announced testing. Justify your response.  * Suggest three (3) penetration testing methods that you would use for a small day care business. Provide a rationale to support your response. Note: The day care is located in the heart of downtown, currently uses a Website, databases, file servers, printers, both wireless (802.11x) and Ethernet access to the Internet, and card readers for physical entry for its employees. * http://workbank247.com/q/sec-435-complete-course-week-1-to-week-11/12288 SEC 435 Week 3 Assignment 1 Business Security Posture Due Week 3 and worth 90 points   Company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs.  The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company’s current security posture. You are called upon as a 3rd party penetration tester, based on your industry reputation of being both careful and thorough to report on company XYZ’s security posture. The only information available......

Words: 3012 - Pages: 13

Perpetual Organization Test

...1. What was your score on the Perceptual Organization Test? The score on my Perceptual Organization Test was an 8 out of 10. _ 2. What was the range (R), median (Md), and mean (X) for the males in the class. Range: 10 – 3 = 7 The range for males was equal to 7. Median: 3,3,3,5,6,6,6,6,6,7,7,8,10,10 6+6 = 12 12/2 = 6 The median for the males was 6. Mean: 3+3+3+5+6+6+6+6+6+7+7+8+10+10 = 86 86/14 = 6.14 The mean for the males was 6.14. 3. What was the range (R), median (Md), and mean (X) for the females in the class. Range: 10 – 3 = 7 The range for females was equal to 7. Median: 3,4,5,5,6,6,6,6,7,8,8,9,9,9,9,10 6+7 = 13 13/2 = 6.5 The median for females was 6.5. Mean: 3+4+5+5+6+6+6+6+7+8+8+9+9+9+9+10 = 110 110/16 = 6.875 The mean for males was 6.88. 4. How did your score compare to others of your gender? For example, how much above or below the median and mean was your score? Be specific. My score compared to others of my gender was higher for both median and mean. For the median my score was higher by 1.5 and for the mean it was higher by 1.12. 5. Was there any difference in the way males and females scored on this test? Be specific. If so, how might you account for this? There was a difference in in the way the males scored compared to the females on this test. The males scored lower in both median and mean compared to the females. To account for this I would show......

Words: 640 - Pages: 3

Information Systems in Organizations Test Bank

...Information Systems in Organizations (Wallace) Chapter 1 Information Systems and People 1) China is known as the world's "back office" because innumerable companies in China manage information system applications for a growing number of multinational corporations. Answer: FALSE Page Ref: 6 AACSB: Use of information technology Chapter LO: 1 Difficulty: Easy Course LO: Discuss the role of information systems in supporting business processes 2) A survey of retailers found that modern point-of-sale technology was rated the least valuable element in customer satisfaction. Answer: FALSE Page Ref: 8 AACSB: Use of information technology Chapter LO: 1 Difficulty: Easy Course LO: Describe the functions of customer relationship management (CRM) systems 3) A person's online behavior is an important source of business intelligence. Answer: TRUE Page Ref: 9 AACSB: Use of information technology Chapter LO: 1 Difficulty: Easy Course LO: Explain how information systems can be used to assist in decision making 4) The information systems that support virtual teamwork and collaboration are, in some respects, still in their infancy compared to the more mature operational systems. Answer: TRUE Page Ref: 9 AACSB: Use of information technology Chapter LO: 1 Difficulty: Easy Course LO: Explain how IS can enhance systems of collaboration and teamwork 5) The development and application of innovative information systems improve the operations...

Words: 8842 - Pages: 36

Penetration Test vs. Vulnerability Assessment

...Penetration Test vs. Vulnerability Assessment Ø Penetration testing ensures you that your network will not be penetrated by malicious users. Ø Vulnerability Assessment gives an organization the ability to identify potentials for intrusion to their network. Ø Penetration test are more intrusive Reason for Assessement Ø Identify the vulnerability Ø Quantify the vulnerability Ø Prioritizing the vulnerability Internal vs. External Ø Internal assessment shows the vulnerabilities that employees or anyone with access to the internal network and exploit them. Ø External assessments shows the vulnerabilities from someone without direct access to the internal network. Window of Vulnerability Ø Unknown Window of Vulnerability Ø Known Window of Vulnerability Risk Ø Vulnerability Ø Attacks Ø Threats Ø Exposure Risk = Vulnerability x Attacks x Threats x Exposure Risk of Internal Assessment Ø Can’t be truly objective Ø Fair and impartial assessment Management is force to deal with the “fox in the Hen House” problem Steps 1-3 to an Successful Assessment • Understand the consequences • Document Management buy-in • Develop manageable objectives Step 4-6 to an Successful Assessment • Determine method • Plan for disruptions • Develop an assessment in a impactful, yet understandable, way. Qualified and Experienced outside Third Party. Ø Protect yourself with an contract Ø Breadth of experience Ø Currency with the latest......

Words: 255 - Pages: 2