Ethical Hacking and Penetration Testing Guide


Creating a New Policy
We will now create a new custom policy for scanning a Windows machine on my local area network. To create a policy, click on “Policies” at the top and then the “+add” button. You will see a screen similar to the one shown here:
Enter the name of the policy. In my case, I entered “WindowsBox” since I am scanning a Windows machine on my network. The visibility is set to private, which means that the policy will not be shared with other users.
You will also see lots of options under the policies tab. You can tweak these options according to 
your requirements. We will discuss a few of them, which are enabled by default, and also the ones 
that can be helpful in our penetration tests. I will leave the rest for you to explore on your own.
Safe Checks
You should always enable “Safe Checks.” This will only run the low-risk checks so that the availability of the target system is not compromised. If you don’t enable it, you are most likely to crash older systems and hence cause a denial of service, which is not recommended in a penetration test unless you are asked to do so.
Silent Dependencies
With this option enabled, dependent checks are not included in your report, which makes the report much more effective, since it omits the list of dependencies.
Avoid Sequential Scans
When the “Avoid sequential scans” box is checked, Nessus will scan the given IP addresses in a random order and not in the default sequential order. The advantage of this check is that it can get past some firewalls that block the “consecutive port” traffic.


For example, Nessus will scan for port 21, and then it will jump over to 53, and then jump to 
another port.
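Seen from the defender's side, this is why a filter keyed on port order is weak. The following is an added example, not from the book or from Nessus: it runs two detection rules over a constructed event list, and the rule names, thresholds and the "ascending run" reading of "consecutive port" traffic are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, source_ip, destination_port).
# 10.0.0.5 probes ports in ascending order, 10.0.0.6 probes the same ports in a
# shuffled order, 10.0.0.7 is an ordinary client using two services.
PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 443, 445]
SHUFFLED = [21, 53, 445, 22, 139, 80, 25, 443, 23, 110]
EVENTS = (
    [(i, "10.0.0.5", p) for i, p in enumerate(PORTS)]
    + [(i, "10.0.0.6", p) for i, p in enumerate(SHUFFLED)]
    + [(t, "10.0.0.7", p) for t, p in [(0, 443), (3, 443), (6, 80), (9, 443)]]
)


def by_source(events):
    """Group events per source IP, ordered by time."""
    grouped = defaultdict(list)
    for ts, src, port in sorted(events):
        grouped[src].append((ts, port))
    return grouped


def sequential_rule(events, run_length=5):
    """Order-based rule (assumed): flag `run_length` strictly ascending ports in a row."""
    flagged = set()
    for src, hits in by_source(events).items():
        run = 1
        for (_, prev), (_, cur) in zip(hits, hits[1:]):
            run = run + 1 if cur > prev else 1
            if run >= run_length:
                flagged.add(src)
                break
    return flagged


def distinct_port_rule(events, window=60, threshold=8):
    """Order-independent rule: flag >= threshold distinct ports within `window` seconds."""
    flagged = set()
    for src, hits in by_source(events).items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward in time
            if len({port for _, port in hits[start:end + 1]}) >= threshold:
                flagged.add(src)
                break
    return flagged
```

On this sample the order-based rule flags only the ascending source, while the distinct-port count flags both probing sources and leaves the ordinary client alone.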
You don’t need to do much with the default options as these are used for most of your penetration tests. You can read more about each of the options in the “Nessus User Guide.”
On the left sidebar, you will see other options such as credentials, plug-ins, and preferences.
