This week's topic was penetration testing and all the preparation an ethical hacker needs to take to initiate a pen test. There was a lot of information from this chapter, so I'm only going to cover a few things I learned. The first segment covered the process of pen testing and the types of pen testing. Once again we reviewed the 5 phases of ethical hacking: Reconnaissance/Footprinting, Scanning/Enumeration, Gain Access, Maintain Access, Clear your tracks/Reporting.
There are frameworks available for a hacker's reference: the Open Web Application Security Project (OWASP, useful for referencing common web application & web service issues), the Open Source Security Testing Methodology Manual (OSSTMM, a potentially thorough type of security test) & National Institute of Standards and Technology Special Publication 800-115 (NIST SP 800-115, a basic technical guide to conducting information security assessments).
There are 3 types of teams for testing: Red team, Blue team and Purple team. The Red team focuses on offensive attacks on the target. The Blue team is in charge of conducting defensive measures against the attacks. The Purple team acts as both a red and a blue team.
There are 3 types of testing:
- Whitebox: The ethical hacker is given all the information about the network in order to conduct a thorough test. Its drawback is that it can be somewhat unrealistic.
- Blackbox: The ethical hacker is provided no information. This scenario best simulates an external attack.
- Graybox: The ethical hacker has partial information, like IP addresses. This type of test is useful for simulating an insider attack.
The next section discussed threat actors. Advanced persistent threats (APT) & threat modeling were the aspects addressed. An APT is a person or group that gains access and remains undetected for an extended period of time. Threat modeling is the process of analyzing security and finding security holes in the corporation or organization.
A list of types of hackers and their motivations was discussed: White hat (skilled hacker who uses their skills and knowledge for defensive purposes and normally only hacks when granted specific permission), Black hat (skilled hacker who uses their skills and knowledge for nefarious reasons), Gray hat (skilled hacker who falls between white and black; typically they have good intentions), Suicide hacker (doesn't care about the consequences of the hack and whose sole purpose is to take down the target for a cause), Cyberterrorist (hacker with religious or political motivations who wants to create disruption and fear), State-sponsored hacker (works for a government and aims to gather top-secret information from other governments), Hacktivist (hacks as a means of protest against an event, situation or entity and tries to draw attention to their beliefs through the hack) and Script kiddie (unskilled, uses the scripts and tools developed by other hackers for their hacking schemes).
Before any pen test can start, a few things need to be completed. A Scope of Work (SOW) and Rules of Engagement (ROE) must be laid out. A SOW determines what the project will entail; it is also called a statement of work. The ROE addresses how the pen test will be carried out. These documents establish the rules and protect the ethical hacker from criminal charges, because everything is laid out explicitly in their terms.
There are 3 types of pen testing: Objective-based, Goal-based & Compliance-based. An objective-based test assesses the overall security of the organization. A goal-based test has a specific end game in mind when the test is initiated. A compliance-based test checks how well the organization is adhering to laws and regulations.
Overall the concepts of this chapter made sense to me. There weren't many questions because they laid it out pretty well in the videos and the summaries at the end as well as the fact sheets.
The article I read for this week can be found here: Cybersecurity News: Bluegate - DoS Exploit
The article discussed a security vulnerability in the Remote Desktop application. There was no reference to any perpetrators behind any attacks, as the article appeared to be informative about the vulnerability itself. RDP can be used by a remote hacker to gain access and connect to the system. Once connected, the hacker has full access and can create an account with full permissions. This vulnerability extends even to Windows Server. Microsoft had released a patch to counter this vulnerability, but at the end of the article, they suggest "disabling UDP Transport or firewalling the UDP port" (Baran).
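As an added illustration of the article's second suggestion (firewalling the UDP port), here is a PowerShell script I put together that is not from the post or the cited article. It checks whether anything is listening on the Remote Desktop Gateway's UDP transport port on a Windows Server, adds an inbound block rule if one with the given name is not already present, and then prints the rule's port filter so the change can be verified. The article does not name the port; 3391 is RD Gateway's default UDP transport port and is assumed here, as is the rule name.

```powershell
# Added example (not from the post or the cited article): audit and, if needed,
# block inbound UDP to the RD Gateway UDP transport port on Windows Server.
# The article only says "firewalling the UDP port"; 3391 is RD Gateway's
# default UDP transport port and is assumed here. The rule name is made up.
# Run in an elevated PowerShell session (uses the built-in NetSecurity and
# NetTCPIP modules).

$UdpPort  = 3391                                        # assumed RD Gateway UDP port
$RuleName = 'Block RD Gateway UDP transport (inbound)'  # assumed rule name

# 1. Is anything actually bound to that UDP port right now?
$listener = Get-NetUDPEndpoint -LocalPort $UdpPort -ErrorAction SilentlyContinue
if ($listener) {
    Write-Host "UDP $UdpPort is bound by process id(s): $($listener.OwningProcess -join ', ')"
} else {
    Write-Host "Nothing is listening on UDP $UdpPort."
}

# 2. Look for an existing rule with our name so re-running the script is safe.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

if (-not $existing) {
    # 3. Create an inbound block rule scoped to UDP and to this one port only.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol UDP -LocalPort $UdpPort `
        -Action Block -Profile Any -Enabled True | Out-Null
    Write-Host "Created rule '$RuleName'."
} else {
    Write-Host "Rule '$RuleName' already exists (Enabled=$($existing.Enabled))."
}

# 4. Verify: show the rule's protocol and port filter.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

With the UDP transport blocked, RD Gateway clients fall back to the TCP (HTTPS) transport, so remote desktop access keeps working with only the UDP path closed; applying Microsoft's patch remains the primary fix, and this rule is the workaround the article describes for systems that cannot be patched right away.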