1. Process
Penetration Testing Overview
Penetration Test: Authorized, targeted attack on infrastructure
Red Team Assessment: May be scenario based: Focuses on leveraging vulns for certain goals
Risk Management: Evaluate, mitigate risks that could be damaging
Reduce risk: Implementing appropriate controls, policies, measures
Inherent risk: Level of risk present even with appropriate controls
Vulnerability Assessments: Term for penetration tests
Automated tools: Nessus, Qualys, OpenVAS
Automated: Can't adapt: Manual testing also has to be done
Data Protection Act: Keep info private
Methods
External-facing hosts, obtain and gain access to data, internal network
Done with a VPN/VPS to avoid ISP blocking
Types of Testing
Essential info: Only things like IPs, domains given
Laws/Regulations
USA
Computer Fraud/Abuse Act Federal: Criminal to access computer w/out auth
Hacking, id theft, malware
Criticism:
Provisions too far-reaching: Could criminalize research
Definitions can present on things without intent
Precautionary Measures
Written consent? Owner, auth representative
Stay in scope of consent obtained: Follow limitations
Take measures to prevent damage
Don't access, use, or disclose personal data or info obtained during test without permission
Don't intercept electronic comms without consent
Don't conduct testing on networks covered by HIPAA without authorization
Pre-Engagement
Questions asked, contracts made: Clients tell us what they want
3 components: Scoping questionnaire, Pre-engagement meeting, Kick-off meeting
NDA: Non-Disclosure Agreement: must be signed by all parties
Types of NDAs
Only 1 party maintains confidentiality: Other can share info with 3rd parties
Computer Misuse Act Documents
NDA: After initial contact
Scoping Questionnaire: Before pre-engagement
Scoping Document: During pre-engagement
SoW: Scope of Work: During pre-engagement
RoE: Before kick-off
Contracts Agreement (physical): Before kick-off
Reports: During/After test
CC info - PCI (Payment Card Industry)
Electronic PHI - HIPAA
Private Banking Info - GLBA
Gov info - FISMA
Test how far we can move in the network: What vulns we can find from internal