Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test


With great power comes great responsibility.

Uncle Ben, Spiderman

This chapter walks through a brief, methodical penetration test of a fictional company called Little Company Network (LCN). It focuses on the attack itself and on recording what is found on LCN's network, rather than on the formal contractual process that is a necessary part of every penetration test. For context, Table 16-1 shows a high-level view of the entire process from beginning to end.

Table 16-1. Basic Steps in a Penetration Test

Step 1. Signing the Contract
Getting the contract signed is the most important step, and it must happen before any testing takes place. Without it, every action taken against the company could be considered malicious and potentially illegal. The contract should be signed by authorized personnel at both companies.

Step 2. Setting the Rules of Engagement
These rules establish how much information the penetration testers are given and which approaches are allowed during the test. They also protect the testers from project scope creep.

Step 3. Planning the Attack
The penetration testing team carries out this step. It can include the following:

  • Assembling the team of personnel

  • Collecting tools

  • Planning an attack strategy

Step 4. Gathering Information
This step is sometimes called "footprinting" the target. All relevant information about the company is gathered here and used in later steps in an attempt to gain access.

Step 5. Scanning (Enumeration)
Scanning consists of searching and probing for systems and enumerating the ports and applications running on them. It can also include enumerating user accounts and shared resources on those systems. Note that some testers in the field treat scanning and enumeration as separate steps.

Step 6. Gaining Access
This is the most exciting and usually the most time-consuming step. Access occasionally falls into your lap, but more often gaining it is a lengthy process, and against a well-defended network the attempt should ideally fail. This step can involve almost any approach to gaining access, such as the following:

  • Access via the Internet

  • Dialup access

  • Social engineering

  • Wireless access

  • Denial of service

  • E-mail attacks (spam)

  • Trojans

  • Dumpster diving

Step 7. Maintaining Access [*]
After the team gains access, it might need to return later to complete more testing. This step includes installing backdoor-style applications to make returning to the system easier for further penetration attempts. It also simulates a scenario in which backdoors have been installed maliciously and assesses whether the current security measures are likely to detect them. Any backdoor installed during the test must be recorded and removed at the end of the engagement.

Step 8. Covering Tracks [*]
In this step the penetration testers attempt to clear all traces of the attack, just as a highly skilled attacker would.

Step 9. Writing the Report
The team assembles its findings into a document. This is the deliverable presented to the customer, and producing it consumes a significant part of the total time taken by the penetration test. Sometimes the client retains the only copy of this document, which summarizes the information collected in the previous steps.

Step 10. Presenting and Planning the Follow-Up
After the team completes the tests and presents the results to the customer, it should schedule follow-up tests on a recurring basis, because new exploits and weaknesses will appear over time and the customer should not be left vulnerable to them.


[*] Not all penetration tests allow access to be maintained or tracks to be covered (clearing logs also destroys the client's own audit trail), so in those engagements the hands-on testing stops at Step 6.
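As an added illustration of Step 5 (this is not code from the book, nor any tool used against LCN), the block below separates the two halves of the step: a TCP connect scan that decides which ports are open, followed by banner grabbing and a small signature table that decides what is listening on them. It scans a throwaway listener on 127.0.0.1 that answers with a constructed banner, so it runs offline; the port numbers, banners and signatures are all assumptions.

```python
"""TCP connect scan followed by banner-based service enumeration.

Added illustration for the scanning/enumeration step of Table 16-1; not code
from the book. The target is a throwaway listener on 127.0.0.1 that greets each
client with a constructed banner, so the whole thing runs offline.
"""
import re
import socket
import threading

# Constructed signature table: (compiled pattern, service name). Real scanners
# ship thousands of these; a handful is enough to show the idea.
SIGNATURES = [
    (re.compile(r"^SSH-\d\.\d-"), "ssh"),
    (re.compile(r"^220 .*?(SMTP|ESMTP)", re.I), "smtp"),
    (re.compile(r"^220 .*?FTP", re.I), "ftp"),
    (re.compile(r"^\+OK"), "pop3"),
]


def identify_service(banner: str) -> str:
    """Map a greeting banner to a service name, or 'unknown' if nothing matches."""
    for pattern, name in SIGNATURES:
        if pattern.search(banner):
            return name
    return "unknown"


def scan_ports(host: str, ports: list, timeout: float = 0.3) -> list:
    """Scanning: return the ports that complete a TCP three-way handshake.

    connect_ex() returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise,
    so a closed port costs one RST and an open port one full connection.
    """
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                if s.connect_ex((host, port)) == 0:
                    found.append(port)
            except OSError:      # treat timeouts and odd errors as not open
                pass
    return found


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Enumeration: read whatever the service volunteers right after connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(256).decode("ascii", "replace").strip()
    except OSError:              # socket.timeout is an OSError subclass
        return ""


def enumerate_host(host: str, ports: list, timeout: float = 0.3) -> dict:
    """Scan, then fingerprint each open port: {port: (banner, service)}."""
    results = {}
    for port in scan_ports(host, ports, timeout):
        banner = grab_banner(host, port, timeout)
        results[port] = (banner, identify_service(banner))
    return results


def start_fake_service(banner: bytes, connections: int = 8) -> int:
    """Constructed target: a listener on an ephemeral port that sends `banner`
    to each client and hangs up. Returns the port the kernel assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        srv.settimeout(5)
        try:
            for _ in range(connections):
                conn, _ = srv.accept()
                try:
                    conn.sendall(banner)
                except OSError:  # client already went away (e.g. the bare scan)
                    pass
                finally:
                    conn.close()
        except OSError:          # idle timeout: nobody else is coming
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo():
    """Scan one fake SSH service plus its (assumed closed) neighbouring ports."""
    port = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    results = enumerate_host("127.0.0.1", [port - 1, port, port + 1])
    for p, (banner, service) in sorted(results.items()):
        print(f"{p}/tcp open  {service:8s} {banner}")
    return port, results


if __name__ == "__main__":
    demo()
```

A connect scan completes the handshake, so every probe shows up in the target's own connection and application logs; that is exactly the kind of trace Step 8 is about, and one reason real engagements record the scanner's source addresses so the client's SOC can distinguish the test from a genuine attack.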

Tip

For an excellent document covering a full, methodical approach, see the Open Source Security Testing Methodology Manual (OSSTMM) at http://www.isecom.org/.


The rest of the chapter takes you through a fictitious penetration test of a network from two perspectives:

  • The attack itself, which gives the opportunity to take a quick look at the manual tools used

  • A post-mortem and a review of the basic report that was produced

Penetration Testing and Network Defense (ISBN 1587052083, 2005)