Security and Penetration Testing Overview


Presentation Description

This presentation sheds light on some of the essential elements of security and penetration testing, which have become crucial to ensuring quality in this day and age. To learn more about Security Testing, Penetration Testing, Ethical Hacking, Penetration Testing Methodologies and Vulnerability Scanning, go through this presentation as well as the ones coming soon.


Presentation Transcript

slide 1:

Security and Penetration Testing

slide 2:

Agenda: What are we going to talk about …
● Introduction to Information Security and Security Testing
● Introduction to Vulnerability Scanning, Penetration Testing and Ethical Hacking
● Overview of Penetration Testing Methodologies
● Penetration Testing Steps
● Overview of the Pen-Test Legal Framework
● Pen-Test Deliverables
Copyright © by QAInfoTech. All rights reserved.

slide 3:

What is information security?
Information security is the process of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The goal is to protect the confidentiality, integrity and availability of information.
Confidentiality - Confidentiality is the term used for preventing the disclosure of information to unauthorized individuals or systems.
Integrity - In information security, integrity means that data cannot be modified without authorization.
Availability - For any information system to serve its purpose, the information must be available when it is needed.

slide 4:

Information security categories
● Computer Security
● Network Security
● Web Application Security
● Code Review
● Threat Modeling
● Forensics
● Security Practice

slide 5:

Security Testing

slide 6:

Vulnerability Scanning
❏ Vulnerability scanning can help you to secure your own network, or it can be used by the bad guys to identify weaknesses in your system and mount an attack. The idea is for you to use VS tools to identify and fix these weaknesses before the bad guys use them against you.
❏ The goal of running a vulnerability scanner is to identify devices on your network that are open to known vulnerabilities.
❏ Different scanners accomplish this goal through different means. Some may look for signs such as registry entries in Microsoft Windows operating systems, while others may actually exploit the vulnerability of network devices.

slide 7:

Penetration Testing
❏ It simulates the methods that intruders use to gain unauthorized access into an organization’s network and systems and to compromise them.
❏ The purpose is to test the security implementations and security policy of an organization.
❏ A penetration tester’s intent in gaining unauthorized access to an organization’s network is very different from a hacker’s.
❏ A penetration tester lacks malice and uses their skills to improve an organization’s network security.

slide 8:

Ethical Hacking
❏ An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.
❏ This work is ethical because it is performed to increase the safety of the computer systems, but only at the request of the company that owns the system and specifically to prevent others from attacking it.
❏ Ethical hacking is also known as penetration testing, intrusion testing and red teaming.

slide 9:

Need for Security and Penetration Testing
❏ Direct impact of a security breach on the corporate asset base and goodwill.
❏ Increasing complexity of computer infrastructure administration and management.
❏ Evolution of technology focused on ease of use.
❏ Growth of network environments and network-based applications.
❏ Decreasing skill level required for creating exploits.

slide 10:

Essential Terminologies
❏ Threat
❏ Vulnerability
❏ Target of evaluation
❏ Attack
❏ Exploit

slide 11:

Essential Terminologies (cont.)

slide 12:

Phases of Penetration Testing

slide 13:

Phase I: Reconnaissance
Reconnaissance represents the preparatory phase, where a penetration tester gathers as much information as possible about a target of evaluation prior to launching an attack.

slide 14:

Phase II: Scanning

slide 15:

Phase III: Gaining Access
❏ Gaining access refers to the penetration phase. The Pen Tester exploits the vulnerability in the system.
❏ Examples include buffer overflows, denial of service, session hijacking and password cracking.
❏ Influencing factors include the architecture and configuration of the target system, the skill level of the perpetrator and the initial level of access obtained.
❏ Business Risk: Highest — the hacker can gain access at the operating system level, application level or network level.

slide 16:

Phase IV: Maintaining Access
❏ It is the phase when the Pen Tester tries to retain ownership of the system. But:
❏ Hackers may harden the system against other hackers as well, in order to own the system by securing their exclusive access with backdoors, rootkits or Trojans.
❏ Hackers can upload, download or manipulate data, applications and configurations on the owned system.

slide 17:

Phase V: Clearing Tracks
❏ Refers to the activities that the hacker performs to hide his misdeeds.
❏ Reasons include the need for a prolonged stay, continued use of resources and removing evidence of hacking.
❏ Examples include steganography, tunnelling and altering log files.
❏ A Pen Tester should watch out for such activities on the system.
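As an added example (not part of the original deck), here is a small Python check for the "altering log files" point above: log entries are stored as a hash chain, so an edited line, a deleted line, or a silently truncated tail can each be detected. It assumes the final (head) digest is kept somewhere the intruder cannot write, and the log lines themselves are constructed sample data.

```python
"""Detect edited, removed or truncated entries in a hash-chained log."""
import hashlib

SEED = "0" * 64  # constructed convention: digest that anchors the first entry


def chain_digest(prev_digest, entry):
    # Each digest covers the previous digest plus the entry text, so changing
    # or removing any earlier line invalidates every digest that follows it.
    return hashlib.sha256(f"{prev_digest}\n{entry}".encode()).hexdigest()


def write_chained_log(entries):
    """Return 'digest|entry' lines plus the head digest to store off-host."""
    lines, prev = [], SEED
    for entry in entries:
        prev = chain_digest(prev, entry)
        lines.append(f"{prev}|{entry}")
    return lines, prev


def verify_chained_log(lines, expected_head):
    """Return (status, index): 'ok', 'modified' or 'truncated'; index is the
    first line whose digest does not match, or -1 when everything checks out."""
    prev = SEED
    for i, line in enumerate(lines):
        digest, _, entry = line.partition("|")
        if digest != chain_digest(prev, entry):
            return "modified", i
        prev = digest
    # All digests chain correctly; a dropped tail is only visible when the
    # last digest is compared with the head digest kept outside the host.
    return ("ok", -1) if prev == expected_head else ("truncated", len(lines))


# Constructed sample entries, not real log data.
SAMPLE = [
    "2024-01-01T10:00:00 sshd: Accepted password for alice from 10.0.0.5",
    "2024-01-01T10:05:00 sudo: alice : COMMAND=/bin/ls",
    "2024-01-01T10:07:00 sshd: Failed password for root from 10.0.0.9",
]


def demo():
    lines, head = write_chained_log(SAMPLE)
    edited = lines[:]
    edited[2] = edited[2].replace("Failed", "Accepted")  # text rewritten in place
    removed = lines[:1] + lines[2:]  # middle line deleted
    cut = lines[:2]  # newest line dropped; remaining chain is self-consistent
    return {name: verify_chained_log(log, head) for name, log in
            [("intact", lines), ("edited", edited), ("removed", removed), ("cut", cut)]}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:8s} -> {result}")
```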

slide 18:

Always Remember
❏ If a hacker wants to get inside your system, he/she will, and there is nothing you can do about it.
❏ The only thing you can do is make it harder for him to get in.

slide 19:

What does a Penetration Tester do?
A Penetration Tester tries to answer the following questions:
❏ What can the intruder see on the target system? (Reconnaissance and Scanning phases)
❏ What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
❏ Does anyone at the target notice the intruder’s attempts or successes? (Reconnaissance and Clearing Tracks phases)

slide 20:

Overview of the Pen-Test Deliverables
The main deliverable is the Pen Testing Report:
❏ List of your findings in order of highest risk
❏ Analysis of your findings
❏ Conclusion or explanation of your findings
❏ Remediation measures for your findings
❏ Log files from tools that provide supporting evidence of your findings
❏ Executive summary of the organization’s security posture
❏ Name of the tester and the date testing occurred
❏ Any positive findings or good security implementations

slide 21:

Thank You infoqainfotech.com www.qainfotech.com
