Penetration Testing Methodologies
In every penetration test, the methodology and the report are the most important parts. Let's first talk about the methodology. There are several penetration testing methodologies that describe how a penetration test should be performed. Some of them are discussed briefly next.
Figure: OSSTMM modules. Logistics and controls; posture review; intrusion detection review; network surveying; system service verification; competitive intelligence scouting; exploit research and verification; routing; access control testing; Internet application testing; privacy review; document grinding; security policy review; alert and log review; data collection; verification testing; password cracking; denial of service testing; privileged service testing; survivability review; containment measures testing; trusted systems testing.
Ethical Hacking and Penetration Testing Guide
The Open Source Security Testing Methodology Manual (OSSTMM), maintained by ISECOM, covers almost all the steps involved in a penetration test. The methodology is well defined, but it is a cumbersome process, which makes it difficult to apply in everyday engagements. Penetration tests are tedious to begin with, and following OSSTMM in full demands a great deal of money from a company's budget, a cost that many organizations are unwilling or unable to meet.
Figure: NIST four-phase methodology. Planning → Discovery → Attack → Reporting, with an "Additional discovery" arrow looping from Attack back to Discovery.
The NIST methodology (described in NIST SP 800-115), on the other hand, is far more streamlined than OSSTMM, and it is something you can apply on a daily basis and in short engagements. The diagram shows the four phases of the methodology, namely planning, discovery, attack, and reporting.
The testing starts with the planning phase, where how the engagement is going to be performed (scope, rules of engagement, and authorization) is decided upon. This is followed by the discovery phase, which is divided into two parts: the first part includes information gathering, network scanning, service identification, and OS detection, and the second part involves vulnerability assessment.
After the discovery phase comes the attack phase, which is the heart of every penetration test. If you compromise a target and discover new hosts from it, for example because the system is dual-homed or connected to multiple interfaces, you go back to step 2, discovery, and repeat until no targets are left. The arrows from the planning phase and the attack phase to the reporting phase indicate that reporting runs alongside the other phases: you plan something and report it, you attack a target and report the results.
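The discovery → attack → additional-discovery loop described above can be written as a simple work queue. The following is an added example, not code from the book: the network map and the authorised scope list are constructed and hypothetical, standing in for real scan and exploitation results. The point a practitioner wants here is the scope check, because a dual-homed host frequently leads into networks the client never authorised, and every host learned through additional discovery must pass the same check as the seed targets before it is attacked.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed engagement data (hypothetical, not from the book).
# Networks the client has authorised for testing.
AUTHORISED_SCOPE = [ip_network("10.10.1.0/24"), ip_network("10.10.2.0/24")]

# Stand-in for real discovery/attack results:
# host -> (has an exploitable weakness?, hosts reachable once it is compromised)
FAKE_NETWORK = {
    "10.10.1.5": (True, ["10.10.2.7", "10.10.2.8"]),  # dual-homed into 10.10.2.0/24
    "10.10.2.7": (True, ["192.168.50.3"]),             # leads into an unauthorised network
    "10.10.2.8": (False, []),
    "192.168.50.3": (True, []),                        # exploitable, but never to be touched
}


def in_scope(host, scope):
    """Return True if the host address falls inside one of the authorised networks."""
    addr = ip_address(host)
    return any(addr in net for net in scope)


def discover(host):
    """Discovery phase stand-in: scanning, service identification, vulnerability assessment."""
    exploitable, _ = FAKE_NETWORK.get(host, (False, []))
    return {"host": host, "exploitable": exploitable}


def attack(host):
    """Attack phase stand-in: returns the hosts newly reachable from the compromised system."""
    exploitable, reachable = FAKE_NETWORK[host]
    return list(reachable) if exploitable else []


def run_engagement(seed_targets, scope):
    """Walk the NIST discovery -> attack -> additional discovery loop over a work queue.

    Every host, including ones learned from a compromised box, goes through the same
    scope check and discovery step before it is attacked.  Returns the per-host report
    entries in the order the hosts were processed.
    """
    queue = deque(seed_targets)
    seen = set(seed_targets)
    report = []
    while queue:
        host = queue.popleft()
        if not in_scope(host, scope):
            # Additional discovery found it, but the rules of engagement do not cover it.
            report.append((host, "out of scope - not tested"))
            continue
        finding = discover(host)
        if not finding["exploitable"]:
            report.append((host, "discovered, no exploitable weakness"))
            continue
        report.append((host, "compromised"))
        # Additional discovery: hosts reachable from the new foothold go back to step 2.
        for new_host in attack(host):
            if new_host not in seen:
                seen.add(new_host)
                queue.append(new_host)
    return report


if __name__ == "__main__":
    for host, outcome in run_engagement(["10.10.1.5"], AUTHORISED_SCOPE):
        print(f"{host:15} {outcome}")
```

The `seen` set is what makes the loop terminate ("repeat until no targets are left"): a host reachable from two compromised systems is discovered once. In a real engagement, `discover` and `attack` would wrap the scanner and exploitation tooling, but the scope gate in front of them should stay exactly where it is.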
NIST also publishes a more detailed version of the chart discussed earlier, which explains more about the attack phase. It consists of four steps: gaining access, escalating privileges, system browsing, and installing additional tools. We will go through each of these steps in detail in the following chapters.
Figure: the NIST attack phase in detail (discovery phase → attack phase, with additional discovery looping back to discovery).
Gaining access: enough data has been gathered in the discovery phase to make an informed attempt to access the target.
Escalating privileges: if only user-level access was obtained in the last step, the tester now seeks to gain complete control of the system (administrator-level access).
System browsing: the information-gathering process begins again to identify mechanisms to gain access to additional systems.
Install additional tools: additional penetration testing tools are installed to gain additional information or access, or a combination of both.
Introduction to Hacking