Penetration Testing
What is penetration testing? Penetration testing is a method of testing a computer or a network for security risks. Penetration testers use the same tools that crackers use; some examples of these tools are Nessus, Nmap, and Metasploit.
There are two types of penetration testing: whitebox and blackbox testing. Blackbox testing is when the penetration tester knows nothing about the infrastructure of the company; the penetration tester approaches the test from the mind of an attacker. With whitebox testing the company provides information such as its IP addresses, the operating systems it runs, and even source code. This allows the company's infrastructure to be tested from an inside point of view, using the kind of information a disgruntled employee could gather.
There are industry standard documents to help with the testing. The Open Source Security Testing Methodology Manual (OSSTMM) provides step-by-step instructions on how to perform an effective penetration test. The OSSTMM covers tests of data controls, personnel security awareness, fraud and social engineering, telecommunications, and physical security.
Becoming a penetration tester can be a rewarding career. Many schools offer Ethical Hacker training that will teach you how to become a professional penetration tester. SANS offers GIAC (Global Information Assurance Certification) credentials: the GPEN, a certified penetration tester, and the GWAPT, a certified web application penetration tester. The CISSP, the Certified Information Systems Security Professional, is also highly sought after.
To learn about penetration testing tools I recommend downloading BackTrack, which is an open source pen testing Linux distribution. BackTrack comes with all the tools needed to conduct a pen test, including Nmap, Nessus, and Metasploit.
The first step in conducting a pen test is to gather information. What type of servers is the company running? Where are the servers located? What is the IP range of the target? I recommend using Google to find out information about the target company. Newsgroups are great for finding out what type of operating systems they are running. Job boards also provide a wealth of information: what are they looking for in a system administrator? I would also use dig and nslookup to find out about the IP addresses of the company. Technical contacts can also be listed with the DNS information.
Once you have some IP addresses you can fire up Nmap. Nmap is a free, open source port scanning tool. There are several different scans that you can do with Nmap; I recommend doing stealth scans. Remember that when scanning you will be setting off alerts on the company's side, since intrusion detection systems are used to spot and mitigate these scans. Nmap will provide a list of interesting ports that are open. At this point we can see what services the host is running. We then want to attempt banner grabbing, that is, finding out the exact application version that the host is running. We can then use Google to search for vulnerabilities or exploits.
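Since the scanning step above will set off the company's intrusion detection, here is an added example (not from the original post) of the kind of check a defender runs against connection logs: a small Python detector that flags any source address hitting many distinct destination ports within a short sliding window, which is the trace a port scan leaves. The log layout and the sample lines are constructed for this example and are assumptions, not a real product format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumption): "<ISO time> <src ip> <dst ip> <dst port> <tcp flags>".
# 10.0.0.5 probes six ports in two seconds (scan-like); 10.0.0.9 is ordinary traffic.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 192.168.1.10 22 S
2024-05-01T09:00:00 10.0.0.5 192.168.1.10 80 S
2024-05-01T09:00:01 10.0.0.5 192.168.1.10 443 S
2024-05-01T09:00:01 10.0.0.5 192.168.1.10 445 S
2024-05-01T09:00:01 10.0.0.5 192.168.1.10 3389 S
2024-05-01T09:00:02 10.0.0.5 192.168.1.10 8080 S
2024-05-01T09:00:05 10.0.0.9 192.168.1.10 443 S
2024-05-01T09:00:06 10.0.0.9 192.168.1.10 443 S
2024-05-01T09:30:00 10.0.0.9 192.168.1.10 80 S
"""


def parse_line(line):
    """Split one log line into its fields; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, flags = parts
    try:
        return {"time": datetime.fromisoformat(ts), "src": src, "dst": dst,
                "port": int(port), "flags": flags}
    except ValueError:
        return None


def detect_scanners(log_text, port_threshold=5, window=timedelta(seconds=60)):
    """Return {src: time_first_flagged} for every source that touched at least
    port_threshold distinct destination ports inside any window-long span."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append(ev)
    flagged = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e["time"])  # stable sort keeps log order within a second
        start = 0
        for i, ev in enumerate(evs):
            while ev["time"] - evs[start]["time"] > window:  # slide the window forward
                start += 1
            if len({e["port"] for e in evs[start:i + 1]}) >= port_threshold:
                flagged[src] = ev["time"]
                break
    return flagged
```

Tune port_threshold and window to the environment: a monitoring host that legitimately polls many ports will need an allow-list, and a slow scan spread over hours needs a longer window than shown here.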
Nessus is a tool used to automate security scanning, which makes your job as a penetration tester less work intensive. Nessus is open source; however, to obtain the latest vulnerabilities a professional feed is required, and there is a cost associated with this. To become a professional penetration tester I recommend using some commercial versions of products to get the latest updates, as you will be providing a better service to your clients. Nessus also has reporting features. This is vital because you need to show your clients the security holes.
Metasploit can be used to gain access to your target's systems. In a penetration test, seek written approval before any testing is conducted. NeXpose Community Edition is good for individual consultants or penetration testers. Metasploit can be used to run exploits against the target hosts; depending on the exploit, you can get root access, get a reverse shell, or do other malicious acts. Metasploit comes with several exploits built in.
I recommend setting up a hacker lab. This is a great way to learn. I would get a computer that can run virtual machines, so that you have multiple operating systems to run attacks against. Download versions of operating systems that have known security holes and hack them on your computer at home. I would also download BackTrack and read the OSSTMM. There are several books out there that can help you with your penetration testing career.