
Security Assessment and Testing
CISSP COMMON BODY OF KNOWLEDGE (CBK)
DOMAIN – 6

© 2021 CLOUD EDUCATION GROUP LIMITED 1


Security Assessment and Testing Topics
• Introduction to Security Assessments
• Vulnerability Assessments
• Penetration Testing
• Remediation
• Intrusion Detection
• Audit Logs
• Common Vulnerabilities



Vulnerability Assessments and Penetration Testing
• Vulnerability Assessment
o Physical / Administrative / Logical
o Identify weaknesses (discovery only, no exploitation)
• Penetration Testing
o Ethical hacking to validate discovered weaknesses by actually exploiting them
o Red Teams (Attack) / Blue Teams (Defend)
• NIST SP 800‐42 Guideline on Network Security Testing (since superseded by NIST SP 800‐115,
Technical Guide to Information Security Testing and Assessment)



Degree of Knowledge
• Zero Knowledge (Black Box Testing) ‐ The team has no prior knowledge of the target
and must start with only information that is publicly available. This
simulates an external attack
• Partial Knowledge (Gray Box Testing) ‐ The team has limited knowledge of the
organization, e.g. address ranges or an ordinary user account
• Full Knowledge (White Box Testing) ‐ This simulates an internal attack or a malicious
insider. The team has full knowledge of network operations, architecture and configuration



Attack Methodology
Test Attacks 1 of 2
1. Reconnaissance (passive: nothing is sent to the target)
• WHOIS database, company website, job search engines, social networking
2. Footprinting
• Mapping the network (Nmap)
• ICMP ping sweeps
• DNS zone transfers (AXFR)
3. Fingerprinting
• Identifying host information: operating system and service versions
• Port scanning and banner grabbing
4. Vulnerability assessment
• Identifying weaknesses in system configurations
• Discovering unpatched software



Attack Methodology
Test Attacks 2 of 2
5. The “attack”
• Penetration ‐ exploiting a discovered weakness to gain a foothold
• Privilege escalation ‐ Run As, su/sudo
• Rootkits ‐ Collection of tools to allow continued access. Includes
o Back door software
o Kernel‐mode rootkits modify the operating system kernel itself
o Very difficult to detect from the compromised host
• Cover tracks
o Trojaned programs: the attacker replaces default utilities (e.g. ls, ps, netstat) with
versions that still provide the normal service but hide the files, processes and network
connections belonging to the backdoor
o Log scrubbers



Testing Guidelines
• Why Test?
o Risk analysis
o Certification
o Accreditation
o Security architectures
o Policy development
• Develop a cohesive, well‐planned, and operational security testing program



Penetration Testing Considerations
• Three basic requirements
o Meet with senior management to determine the goal of the assessment
o Document the Rules of Engagement
o Get sign‐off from senior management (written authorization before any testing starts)
• Issue ‐ it could disrupt productivity and systems
• Overall purpose is to determine the subject’s ability to withstand an attack and
determine the effectiveness of current security measures
• The tester should determine the effectiveness of safeguards and identify areas of
improvement.
o The tester should NOT be the one responsible for remediation; having the same party
both test and fix violates separation of duties



Rules of Engagement
• Specific IP addresses/ranges to be tested
o Any restricted hosts (out of scope, e.g. production databases or third‐party systems)
• A list of acceptable testing techniques (e.g. whether denial‐of‐service or social
engineering is permitted)
• Times when testing is to be conducted
• Points of contact for the penetration testing team, the targeted systems, and
the networks
• Measures to prevent law enforcement being called out on a false alarm (the monitoring
team knows the test window and the testers’ source addresses)
• Handling of information collected by the penetration testing team (storage,
encryption, destruction after the engagement)



Types of Penetration Tests
• Physical Security
o Access into building or department
o Wiring closets, locked file cabinets, offices, server room, sensitive areas
o Removing materials from the building
• Administrative Security
o Help desk giving out sensitive information, data recoverable from disposed disks
• Logical Security
o Attacks on systems, networks, communications



Approaches to Testing
• Do not rely exclusively on high‐tech tools
o Dumpster diving, social engineering
• Stealth methods may be required (to test detection as well as prevention)
• Do not damage systems or data
• Do not overlook small weaknesses in the search for big ones; small weaknesses chain together
• Have a toolkit of techniques



Software Test
• Static (code) Test ‐ reviewing the software’s code while it isn’t running,
reviewing for errors in syntax or performing walkthroughs of the
programmed logic (manual review or static analysis tools)
• Dynamic Test ‐ evaluating the code while it is running to reveal additional
flaws that may not otherwise be identified
• Synthetic Transactions ‐ building automated or manual scripts to simulate
the normal activities an application can be expected to perform. These
transactions can be used not only to probe for errors or weaknesses, but
they can also allow an organization to establish performance baselines



Software Test
• Fuzzing ‐ submitting random or deliberately malformed data as input to software to
try to make it crash. Usually tool‐driven so that a very large number of inputs can be
tried; applications that hang or crash can signal larger development errors or
security vulnerabilities, such as buffer overflows or missing boundary checks
• Misuse Case Testing ‐ purposefully stressing an application with the sole
goal of simulating real attacks. Also considered part of threat modeling,
misuse case testing can help a development team understand what
vulnerabilities are present in an application and what security impact they
may have
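Added example (not from the original slides): a small mutation fuzzer run first against a toy record parser that is deliberately missing its boundary checks, then against a hardened version of the same parser. The wire format, `parse_records_vulnerable`, `parse_records_hardened`, the mutation rules and the seed message are all constructed for this illustration; the point is that the crash the fuzzer finds (an out-of-bounds access) is exactly the class of defect the slide describes.

```python
import random

OUT_SIZE = 16  # size of the fixed output area the vulnerable parser copies into


class MalformedMessage(ValueError):
    """Raised by the hardened parser when it rejects input on purpose."""


def parse_records_vulnerable(buf):
    """Toy wire format: [count][len][data...][len][data...]...

    Copies every record into a fixed-size output area without checking the
    declared lengths against the input or the running total against OUT_SIZE.
    In C the same logic is a stack buffer overflow / over-read; Python turns
    the out-of-bounds access into an IndexError, which is the crash the
    fuzzer is looking for.
    """
    out = bytearray(OUT_SIZE)
    count = buf[0]
    pos, written = 1, 0
    for _ in range(count):
        length = buf[pos]                      # over-read if the message is truncated
        pos += 1
        for i in range(length):
            out[written + i] = buf[pos + i]    # overflow of out / over-read of buf
        written += length
        pos += length
    return bytes(out[:written])


def parse_records_hardened(buf):
    """Same format with every length validated before it is used."""
    if not buf:
        raise MalformedMessage("empty message")
    out = bytearray()
    count, pos = buf[0], 1
    for _ in range(count):
        if pos >= len(buf):
            raise MalformedMessage("truncated record header")
        length = buf[pos]
        pos += 1
        if pos + length > len(buf):
            raise MalformedMessage("record length exceeds message")
        if len(out) + length > OUT_SIZE:
            raise MalformedMessage("output limit exceeded")
        out += buf[pos:pos + length]
        pos += length
    return bytes(out)


def mutate(data, rng):
    """One random mutation: bit flip, boundary value, insertion or truncation."""
    data = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1 and data:
        i = rng.randrange(len(data))
        data[i] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])   # interesting boundary values
    elif op == 2:
        i = rng.randrange(len(data) + 1)
        data[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 5)))
    else:
        data = data[:rng.randrange(len(data) + 1)]
    return bytes(data)


def fuzz(parser, seed, iterations=2000, rng_seed=1):
    """Mutation fuzzer. Returns {exception name: first input that triggered it}.

    MalformedMessage is not counted: that is the parser rejecting bad input
    deliberately. Anything else is an unhandled condition worth a bug report.
    """
    rng = random.Random(rng_seed)   # fixed seed so every crash is reproducible
    corpus = [seed]
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            parser(candidate)
        except MalformedMessage:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, candidate)
        else:
            if len(corpus) < 64:    # inputs that parsed cleanly become new seeds
                corpus.append(candidate)
    return crashes


# Constructed seed message: two records, "abc" and "xy".
SEED = bytes([2, 3]) + b"abc" + bytes([2]) + b"xy"

if __name__ == "__main__":
    print(parse_records_vulnerable(SEED))        # b'abcxy'
    print(fuzz(parse_records_vulnerable, SEED))  # dict containing 'IndexError'
    print(fuzz(parse_records_hardened, SEED))    # {}
```

The hardened parser still fails on bad input, but it fails by raising its own, documented exception; the fuzzer treats that as correct behaviour and only reports the exceptions nobody planned for.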



Network Scanning
• List of all active hosts
• Network services
o ICMP
o UDP & TCP
• Port scanner
o Nmap
o Fingerprinting
o Banner grabbing
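Added example covering the footprinting/fingerprinting steps of the attack methodology and this slide (it is not part of the original deck): a minimal TCP connect scanner with banner grabbing in Python. Nmap does all of this far better; the value here is seeing what a port scan and a banner grab actually are on the wire. So that it runs offline, the script starts its own fake service on loopback; `start_fake_service`, `FAKE_BANNER` and the banner-matching rules in `fingerprint` are constructed for the illustration and not real services.

```python
import socket
import threading

# Constructed banner for the local stand-in service (not a real SSH server).
FAKE_BANNER = b"SSH-2.0-ExampleServer_1.0\r\n"


def start_fake_service(banner=FAKE_BANNER):
    """Bind an ephemeral loopback port and send `banner` to every client.
    Returns (listening socket, port); close the socket to stop the service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                # listening socket was closed
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def scan_port(host, port, timeout=0.3):
    """TCP connect scan of one port. Returns (is_open, banner_or_None).

    A full connect() is the noisiest scan: it completes the handshake and the
    service logs the connection. Nmap's default SYN scan is quieter but needs
    raw sockets. The banner is whatever the service volunteers first.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:
            return False, None
        try:
            data = s.recv(256)        # banner grab: read the greeting
        except socket.timeout:
            data = b""
        return True, data.decode("ascii", "replace").strip() or None


def fingerprint(banner):
    """Crude service identification from the banner text."""
    if not banner:
        return "unknown (no banner)"
    if banner.startswith("SSH-"):
        return "ssh: " + banner.split("-", 2)[2]
    if banner.startswith("220"):
        return "smtp/ftp: " + banner[4:]
    return "unknown: " + banner


def scan_range(host, ports):
    """Scan the given ports and return {port: fingerprint} for the open ones."""
    results = {}
    for port in ports:
        is_open, banner = scan_port(host, port)
        if is_open:
            results[port] = fingerprint(banner)
    return results


if __name__ == "__main__":
    srv, port = start_fake_service()
    # Scan a small window around the fake service's port.
    print(scan_range("127.0.0.1", range(port - 2, port + 3)))
    srv.close()
```

A closed port answers the SYN with a RST (connect_ex returns a non-zero errno immediately); a filtered port simply times out, which is why the timeout matters for scan speed against real networks.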



Password Cracking
• Goal is to identify weak passwords
• Passwords should be stored (and verified) as one‐way hashes, not in cleartext or in
reversible encryption; a hash cannot be decrypted, only guessed by hashing candidates
and comparing the results
• Password cracking requires captured password hashes
• Hashes can be intercepted on the network (e.g. challenge/response authentication exchanges)
• Hashes can be retrieved from the targeted system (e.g. the SAM database on Windows,
/etc/shadow on Unix‐like systems)



Password Cracking Techniques
• Dictionary attack ‐ hash every word in a word list and compare
• Brute force ‐ try every combination of the character set up to a given length
• Hybrid attack ‐ dictionary words with mangling rules (capitalization, appended digits,
character substitutions)
• LanMan (LM) password hashes (Windows NT) ‐ case‐insensitive, unsalted, split into two
7‐character halves; trivially cracked and should be disabled
• Theoretically all passwords are “crackable”; the defence is making cracking too slow to pay off
• Rainbow tables ‐ precomputed hash‐to‐plaintext tables for unsalted hashes; defeated by a
per‐user salt, as used in Unix‐like /etc/shadow (hashes historically lived in /etc/passwd)
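Added example for the dictionary, hybrid and rainbow-table points on this slide (it is not part of the original deck): a precomputed hash-to-plaintext table built from a word list with hybrid mangling rules, applied to an unsalted hash, and then the same attack against a salted, iterated hash where no table can be reused. `WORDLIST`, the mangling rules, the MD5 choice for the legacy store and the small PBKDF2 iteration count are all constructed for the illustration; a real engagement uses a real word list and a real KDF cost.

```python
import hashlib
import os

# Constructed word list standing in for a real dictionary such as rockyou.txt.
WORDLIST = ["password", "letmein", "summer", "welcome", "dragon", "monkey"]

# Mangling rules of a hybrid attack: case changes, leet substitutions, suffixes.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["", "1", "123", "!", "2021", "2024"]


def hybrid_candidates(word):
    """Yield the dictionary word and its mangled variants."""
    for base in (word, word.capitalize(), word.upper(), word.translate(LEET)):
        for suffix in SUFFIXES:
            yield base + suffix


def unsalted_hash(password):
    """Legacy storage: a fast, unsalted digest (MD5 here only for illustration).
    Identical passwords give identical hashes, so one precomputed table serves
    every account ever captured."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precomputed hash -> plaintext table. This is the idea behind a rainbow
    table (a real one trades table size for CPU time with hash chains; the
    lookup semantics are the same)."""
    return {unsalted_hash(c): c for w in words for c in hybrid_candidates(w)}


def crack_unsalted(target_hex, table):
    """No hashing at crack time at all: a single dictionary lookup."""
    return table.get(target_hex)


def salted_hash(password, salt, iterations):
    """What a password store should do: per-user random salt plus a slow KDF.
    Production iteration counts are in the hundreds of thousands; callers pass
    a small count in this demo only to keep it quick."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_salt():
    return os.urandom(16)


def crack_salted(target, salt, words, iterations):
    """The salt is not secret, but it forces the attacker to re-hash every
    candidate for every account, at the KDF's cost, instead of reusing a table."""
    for w in words:
        for c in hybrid_candidates(w):
            if salted_hash(c, salt, iterations) == target:
                return c
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(len(table), "precomputed hashes")
    print(crack_unsalted(unsalted_hash("Summer2024"), table))   # Summer2024
    salt = new_salt()
    stored = salted_hash("Summer2024", salt, 1000)
    print(crack_unsalted(stored.hex(), table))                   # None
    print(crack_salted(stored, salt, WORDLIST, 1000))            # Summer2024
```

Note that the salted password is still recovered: "Summer2024" is a weak password whatever the storage format. The salt and the slow KDF only remove the shortcut (build once, look up forever) and multiply the attacker's cost per account; they do not rescue a password that is in the candidate list.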



Rogue Infrastructures
• Unauthorized DHCP servers can be used to hand out rogue DNS server and default
gateway addresses to hosts
• Rogue DNS servers can direct traffic to spoofed hosts
• DNS zone transfer information contains MUCH information about a network
and its configuration
• Countermeasures
o Secure physical access to the network
o Only allow authorized DHCP servers (DHCP snooping on switches blocks DHCP offers
arriving on untrusted ports)
o Use DHCP reservations and MAC addressing to control assignment of IPs
o Restrict DNS zone transfers to specific, authorized secondary servers
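Added example, not from the original deck: a detector for the first two bullets on this slide. It parses DHCP messages (RFC 2131 fixed header plus the option list) and flags any OFFER or ACK whose server identifier (option 54) is not an authorized DHCP server, or which pushes a DNS server (option 6) that is not on the allowlist. The allowlists, `build_offer` and the two sample packets are constructed for the illustration; in practice the packets would come from a capture or a switch's DHCP snooping log.

```python
import ipaddress
import struct

# Allowlists an operator would populate from the real inventory (constructed values).
AUTHORIZED_DHCP_SERVERS = {"10.0.0.1"}
AUTHORIZED_DNS_SERVERS = {"10.0.0.53", "10.0.0.54"}

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_PAD, OPT_END = 3, 6, 53, 54, 0, 255


def _ip4(addr):
    return ipaddress.IPv4Address(addr).packed


def build_offer(xid, yiaddr, server_id, dns_servers, router):
    """Constructed DHCPOFFER laid out per RFC 2131 (sample input, not a capture)."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                    # op=BOOTREPLY, htype=Ethernet, hlen=6, hops
        xid, 0, 0,                     # transaction id, secs, flags
        b"\0" * 4, _ip4(yiaddr),       # ciaddr, yiaddr (the offered address)
        _ip4(server_id), b"\0" * 4,    # siaddr, giaddr
        b"\xaa\xbb\xcc\xdd\xee\xff".ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,
    )
    dns = b"".join(_ip4(d) for d in dns_servers)
    options = (
        bytes([OPT_MSG_TYPE, 1, 2])                     # message type = OFFER
        + bytes([OPT_SERVER_ID, 4]) + _ip4(server_id)
        + bytes([OPT_ROUTER, 4]) + _ip4(router)
        + bytes([OPT_DNS, len(dns)]) + dns
        + bytes([OPT_END])
    )
    return fixed + MAGIC_COOKIE + options


def parse_dhcp(pkt):
    """Parse the fixed header and the option list of a DHCP message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, _hlen, _hops, xid = struct.unpack_from("!BBBBI", pkt, 0)
    yiaddr = str(ipaddress.IPv4Address(pkt[16:20]))
    options, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option header")
        length = pkt[i + 1]
        data = pkt[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        options[code] = data
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "options": options}


def _addresses(data):
    return [str(ipaddress.IPv4Address(data[k:k + 4])) for k in range(0, len(data) - 3, 4)]


def check_offer(pkt):
    """Findings for an OFFER/ACK from an unauthorized server or one pushing
    unauthorized DNS servers. An empty list means nothing to report."""
    msg = parse_dhcp(pkt)
    opts = msg["options"]
    mtype = MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "UNKNOWN")
    if mtype not in ("OFFER", "ACK"):
        return []
    findings = []
    server = _addresses(opts.get(OPT_SERVER_ID, b""))
    server = server[0] if server else "unknown"
    if server not in AUTHORIZED_DHCP_SERVERS:
        findings.append(f"rogue DHCP server {server} sent {mtype} of {msg['yiaddr']} (xid {msg['xid']:#x})")
    for dns in _addresses(opts.get(OPT_DNS, b"")):
        if dns not in AUTHORIZED_DNS_SERVERS:
            findings.append(f"{mtype} from {server} pushes unauthorized DNS server {dns}")
    return findings


if __name__ == "__main__":
    legit = build_offer(0x1234, "10.0.0.50", "10.0.0.1", ["10.0.0.53"], "10.0.0.254")
    rogue = build_offer(0x1234, "10.0.0.50", "10.0.0.99", ["10.0.0.99"], "10.0.0.99")
    for pkt in (legit, rogue):
        for finding in check_offer(pkt):
            print("ALERT:", finding)
```

Checking the DNS option separately from the server identifier matters: a compromised but authorized DHCP server (or a misconfigured one) can push a bad resolver just as effectively as a rogue box, and the detector should say so.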



Sample Question ‐ 1



Sample Question ‐ 2
