Attack Stages

Previous page
Table of content
Next page
 < Day Day Up > 

Penetration testing is divided into the following five stages:

1.

Reconnaissance

2.

Scanning

3.

Obtaining access

4.

Maintaining access

5.

Erasing evidence

In the reconnaissance phase, the tester attempts to gather as much information as possible about the selected target. Reconnaissance can be both active and passive. In an active reconnaissance attack, the tester uses tools such as nslookup, dig, or SamSpade to probe the target network to determine such things as the IP address range through DNS zone transfers. In a passive reconnaissance attack, the tester uses publicly available information such as newsgroups or job postings to discover information about the technology of the company.

The second stage is scanning. Here, the tester footprints the network by scanning open ports using tools such as NMap. (See Chapter 5, "Performing Host Reconnaissance," for more information on NMap.) The goal here is to determine services that are running on target hosts. It is also here that the tester performs OS fingerprinting to determine the operating system by matching characteristics of operating systems with the target host.

Part of the scanning phase also involves scanning for vulnerabilities. Testing for vulnerabilities prepares you for discovering methods to gain access to a target host.

After scanning the target network for weaknesses, the tester tries to exploit those weaknesses and, where successful, takes steps to maintain access on a target host. Maintaining access is done through installing backdoor Trojan applications that allow the tester to return to the system repeatedly.

The last phase of testing is erasing evidence. Ethical hackers want to see if they are able to erase log files that might record their access on the target network. Because many attacks go undetected, it is important to assess what attacks are able to log and the ease of erasing those logs.

Be certain to gain authorization before attempting to erase log files. Erasing such logs files might open the assessors to liability issues if they cannot prove what they did (or did not) do. If you are not authorized to attempt log erasures, you can test event notification procedures and coordinate with the client to determine if he is being properly notified.

     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Penetration Testing and Network Defense
    Penetration Testing and Network Defense
    ISBN: 1587052083
    EAN: 2147483647
    Year: 2005
    Pages: 209
    Authors: Andrew Whitaker, Daniel Newman
    BUY ON AMAZON
    Inside Network Security Assessment: Guarding Your IT Infrastructure
    Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
    Cisco CallManager Fundamentals (2nd Edition)
    Introducing Microsoft ASP.NET AJAX (Pro - Developer)
    Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
    Cultural Imperative: Global Trends in the 21st Century
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy