Security Audit And Penetration Testing Computer Science

Penetration testing (also called pen-testing) is practice of testing computer system, Network and web application to find vulnerabilities which attacher can exploit. For high rated secure system penetration testing is a requirement.

penetration testing is a form of stress testing which exposes weaknesses

that is, flaws in the trusted computing base (TCB)

.

Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.

The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.

penetration testing strategies:

Targeted testing

Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.

External testing

This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.

Internal testing

This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.

Blind testing

A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.

Double blind testing

Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.

--------------------------------

what is pen-testing:

A pen test is an evaluation of a system or networks current state of security.

A pen test identifies vulnerabilities of a particular system, application, network, or process.

A pen test exploits those vulnerabilities to demonstrate that the security mechanisms can and will fail.

A pen test is the evaluation of security done by simulating an attack by a hacker.

A pen test involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities.

A pen test involves both internal attack scenarios and external ones.

A pen test should be carried out on any computer system that is to be deployed in any environment.

Penetration Testing Methodology:

Lets walk through the following major steps of a pen-test:

Planning stage

1- The planning stage sets the objectives of the penetration test and attackers? profiles for the tests.

2- It is determined at this stage if it's a black box or white box approach.

3- A decision is to be made what are the success criteria with which organization can measure results against predetermined criteria, for both external and internal attacks.

4- It is planned whether exploits will be performed and to what extent.

5- The plan should be coordinated with the appropriate IT team in order not to cause any damages to the network.

6- Obtain management approval for the pen test.

7- A Definition of time scale is to be set.

Gather information / Foot printing

1- The team gathers technical details, including:

1.1- identification of network access points.

1.2- network mapping and OS fingerprinting,

about the target hosts.

2- The team gathers publicly available information on the owner of the network or application in question to plan a comprehensive attack.

Scanning / EnumerationVerify vulnerabilities

1- This stage is typically called vulnerability analysis

2- The team conducts the authorized attacks using public, custom, and professional tools to search for vulnerabilities in the targets, which will allow access permission.

3- These tests will expose compromised hosts that will be used as escalating points during the next stages.

4- Next, the team collates information gathered during the previous stage in order to plan a series of subsequent actions. These will include planning of the overall approach for the pen test in question, as well as formalizing which targets require further research.

Exploiting / Penetrating

1- The exploits are framed around the vulnerabilities found. A number of tools have exploit functionality built-in and provide automated results.

2- Based on analysis the team made, the pen testers perform the attack, taking advantage of system and user privileges obtained from the previous stages.

3- The team escalates the attack based on compromised hosts used as vantage points that escalate attacks to other targets and obtain elevated privileges that lead to further compromise of the network?s operating systems and corporate data.

4- Then the team continues to pivot and loop back until goals defined in the Work Plan are achieved.

Cleaning-Up

1- This stage concerns cleaning up log files and making sure whatever settings or parameters were changed during the Pen Test are set back to their original condition.

2- The team cleans up all traces of the pen test by removing all testing traces of compromised systems, returning the system and any compromised hosts to the exact configurations that they had prior to the penetration test.

Prepare & Deliver Report / Presentation

1- This is the most important part of the Pen Test. The final report must map the findings (vulnerabilities found, exploits performed) to the risk the company may has been exposed to if the threats were realized.

2- At this point the team is ready to report high-risk vulnerabilities to the IT decision-makers so that the IT organization is better informed and better prepared to conduct their own penetration testing or to direct additional consulting services.

3- The report will review:

* The objectives and scope of the penetration test

* Conclusions from each test phase regarding remediation required and the relative priority of these recommendations

* Details gathered on every system, including the high-risk systems found vulnerable to attack, and detailed lists of vulnerabilities.

Why conduct a penetration test?

From a business perspective, penetration testing helps safeguard your organization against failure, through:

Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.

Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-compliance can result in your organization losing business, receiving heavy fines, gathering bad PR or ultimately failing. At a personal level it can also mean the loss of your job, prosecution and sometimes even imprisonment.

Protecting your brand by avoiding loss of consumer confidence and business reputation.

From an operational perspective, penetration testing helps shape information security strategy through:

Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed pro actively; budget can be allocated and corrective measures implemented.

What can be tested? (hint for pen-testing objectives)

All parts of the way that your organization captures, stores and processes information can be assessed; the systems that the information is stored in, the transmission channels that transport it, and the processes and personnel that manage it. Examples of areas that are commonly tested are:

Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)

Bespoke development (dynamic web sites, in-house applications etc.)

Telephony (war-dialing, remote access etc.)

Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)

Personnel (screening process, social engineering etc.)

Physical (access controls, dumpster diving etc.)

----------------------

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack.

----------------------

Do pen-testers perform their own research, or are they dependent on out-of-date information that is placed in the public domain by others?

----------------------

Do they hold professional certifications, such as PCI, CISSP, TIGER and CESG CHECK?

I will use the open source tools during security audit and pen-testing

Vulnerability scanner tools:

Nessus

Nmap

Packet sniffer tools:

Wireshark

TCPdump

Intorsion Detection System:

Snort

Password cracker

Jhon the ripper

L0ghtcrack

Port scanner tools:

Nmap

Unicron scan

Traffic monitoring tools:

Nagios

Cacti

Article name: Security Audit And Penetration Testing Computer Science essay, research paper, dissertation