Consider when to scan. It might seem obvious, but when you decide to scan matters as much as what you scan. To keep every attack vector covered, set up a scanning schedule that runs at specific, regular intervals and covers every part of the enterprise you aim to protect.
Choose which tools to use. Figure 1-5 shows Metasploit (which I discuss further in Chapter 4), a tool you can use to run scans. Many management and monitoring tools, logs, and other software can augment your pen test so that you get a complete view of the holes in your security. I cover many of these tools in Chapter 3 and discuss additional tools and sources throughout Part 2.
Test in a safe environment. Test all changes and new scans in a lab (sandbox) before unleashing them on your production systems, so that you know what they will do before they can cause any impact.
FIGURE 1-5: Metasploit is one tool for pen testing.
Deciding How and When to Pen Test
When you conduct any pen test, your goal is to have a strategy.
You can blindly run tests to see what you find, and you can try to penetrate systems to find out whether there are any weaknesses. That approach is fine for the scans or tests you conduct weekly or monthly to assess your overall security posture, which is the status of the security of your company’s software and hardware, networks, services, and information. Evaluate your security posture regularly, and take into account your readiness and ability to react to and recover from incidents.
Sometimes you want to go deeper and really test your security posture by conducting specific attacks, such as penetration, stealth operations, destroy attacks, and overwhelm attacks. For example, if you believe a hacker’s goal is to gain access to files from outside your corporate network, your goal should be to assess that specific threat using your tools.
You also want to conduct both internal and external tests. You never know where your attacks might originate from.
It is essential to have a high-level view of the vectors an attack may come from, both those from within your trusted network (from trusted users) and those that originate outside your security perimeter (from untrusted users). An example of an external attack is an untrusted outsider using a website you host in your network (usually in a demilitarized zone [DMZ]) who finds a vulnerability that lets them reach resources inside your trusted network. By contrast, an internal attack is just that: it originates inside your network and therefore never crosses the perimeter security, such as firewalls and access control lists, that only inspects traffic entering from outside.
Either way, you can run scans using Nessus (see Figure 1-6) to see whether either of those vectors produces the result you don’t want: a hacker gaining access to your systems without your knowledge.
I discuss how to select the right tool and analyze for weaknesses that could cause your enterprise, brand, and data great harm if not fixed or monitored in Part 2.
FIGURE 1-6: Use Nessus to conduct an assessment.
You need to find the right balance between security and usability. You might know of a weakness but not be able to fix it. A system that is 100 percent secure is usually unusable to anyone. Networks and systems were made to be used, and that means leaving some ports open. For example, a public web server generally requires that port 80 (HTTP), and today port 443 (HTTPS), be left open.
Taking Your First Steps
When you’re ready to pen test, these are the general steps you’ll take:
1 Download and run a pen test tool in a safe environment, such as your home lab. A pen test run in a production environment that causes an outage is, in effect, a denial of service attack, which prevents other people from using your system. Do things as safely and in as controlled a way as possible, so that you test for and find risks rather than create outages and impact. I discuss denial of service attacks more in Chapter 6.
2 Download a free tool and start to investigate. I discuss many available tools in Chapter 3, but for a basic test, I recommend using a vulnerability scanner. Figure 1-7 shows Retina CS from BeyondTrust (www.beyondtrust.com), which allows you to run scans to see what a host is susceptible to and which threats are exposed.
3 Scan a single host by its IP address, or an entire IP subnet with many hosts on it. This step helps you identify target systems that need review, based on the reports the scanner generates for threats and exploits that may exist on them.
4 Document the host or hosts you’re testing, and then the attacks you want to try based on the information you have gathered. Your goal here is to find vulnerabilities.
5 Penetrate. This is the part of the pen test in which you actually attempt the known exploit to see whether you can execute it.
6 Follow up on your findings. You can report the findings, fix the issues, monitor the issues that have no fix, contact the vendors to get fixes, block access, and so on.
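The following is an added example written for this edition; it is not code from the book, from Metasploit, Nessus, or Retina CS. It ties together the internal-versus-external vectors discussed above and steps 1 through 6: a scope check that refuses any host outside the authorised networks (the safety point of step 1), expansion of a single IP or a CIDR subnet into targets (step 3), a plain TCP connect scan that records open ports per host (step 4), and a report comparing what is reachable from the untrusted side with what only an insider can reach (the follow-up of step 6). The authorised scope, the port list, and the two sample scan results are constructed for the demo; 192.0.2.0/24 is a documentation range, and the connector is injectable so the logic can be exercised without touching a real network.

```python
"""Scope-gated TCP connect scan with an external-versus-internal exposure report.

Added example, not code from the book or from any of the tools it shows.
Standard library only. The authorised scope, host list and port list are
constructed for the demo; 192.0.2.0/24 is a documentation-only range.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Set

# Hypothetical authorised scope: the only networks the engagement permits.
AUTHORISED_SCOPE = [ipaddress.ip_network(c) for c in ("127.0.0.0/8", "192.0.2.0/24")]
# Constructed port list for the demo scan.
COMMON_PORTS = [22, 80, 443, 445, 3389]

Connector = Callable[[str, int], bool]


def in_scope(host: str, scope=AUTHORISED_SCOPE) -> bool:
    """True only if host is a literal IP address inside an authorised network."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # hostnames are refused: resolve them first, then check the IP
        return False
    return any(ip in net for net in scope)


def expand_targets(target: str) -> List[str]:
    """Step 3: a single IP stays one host; a CIDR becomes its usable host addresses."""
    net = ipaddress.ip_network(target, strict=False)
    if net.num_addresses == 1:
        return [str(net.network_address)]
    return [str(h) for h in net.hosts()]


def tcp_connect(host: str, port: int, timeout: float = 0.5) -> bool:
    """Real connector: a completed TCP handshake means the port is open."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered or timed out
        return False


def scan(target: str, ports: Iterable[int], connect: Connector = tcp_connect) -> Dict[str, Set[int]]:
    """Connect-scan every host in target; refuse loudly if any host is out of scope."""
    ports = list(ports)
    results: Dict[str, Set[int]] = {}
    for host in expand_targets(target):
        if not in_scope(host):
            raise PermissionError(f"{host} is outside the authorised scope")
        results[host] = {p for p in ports if connect(host, p)}
    return results


def exposure_report(internal: Dict[str, Set[int]],
                    external: Dict[str, Set[int]]) -> Dict[str, Dict[str, Set[int]]]:
    """Per host: what the untrusted side can reach versus what only insiders can."""
    report: Dict[str, Dict[str, Set[int]]] = {}
    for host in sorted(internal.keys() | external.keys()):
        inside, outside = internal.get(host, set()), external.get(host, set())
        report[host] = {"external": outside, "internal_only": inside - outside}
    return report


if __name__ == "__main__":
    # Stand-alone run: a real connect scan of the loopback host, which is always in scope.
    local = scan("127.0.0.1", COMMON_PORTS)
    print("open on 127.0.0.1:", sorted(local["127.0.0.1"]) or "none")

    # Constructed vantage points: results a scanner would return when run from
    # inside the LAN and again from the Internet side of the DMZ.
    from_inside = {"192.0.2.10": {22, 80, 443, 445}}
    from_outside = {"192.0.2.10": {80, 443}}
    for host, view in exposure_report(from_inside, from_outside).items():
        print(host, "external:", sorted(view["external"]),
              "internal only:", sorted(view["internal_only"]))
```

Run the same scan function once from a host inside the trusted network and once from outside the perimeter, then feed both results to exposure_report: anything listed under "external" is what the untrusted user in the DMZ scenario above can reach, which is where the Nessus or Retina assessment should start. The scope check raises rather than silently skipping, so a typo in a subnet cannot quietly turn a lab test into a scan of someone else's network.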
FIGURE 1-7: Examining a Retina CS scan.