Introduction to Pentesting
What is Pentesting?
Pentesting, or rather penetration testing, is a method of getting into a computer system, network or web-based application to gain access to data, information and functions through weaknesses in the security or firewall of the system.
Why is Pentesting performed?
Pentesting is done in order to protect the system and prevent harm from outside hackers. The purpose of pentesting can be subdivided into five main points:
• To find gaps or leaks before attackers can find them.
• To scrutinize problems and report them to a higher authority such as management.
• To secure the configurations and verify the security.
• To train staff in networking so that they learn to secure the system better.
• To test new technology through penetration testing.
When to perform Pentesting?
Pentesting should be done regularly to maintain consistency and manage the security of the network. Regular checks are necessary to keep up with new threats from attackers so that they can be mitigated early. Further tests should be done whenever:
• A new network or application is created and added.
• The network or application is modified.
• Security is added.
• The office location is shifted.
• Modifications are made to the end-user policies.
How is Pentesting done?
According to computer penetration expert James P. Anderson, penetration testing can be done using the following four steps:
1. Look for the vulnerable item, program or system that can be exploited.
2. Design and model an attack against that vulnerable thing.
3. Carry out the attack and test it.
4. Enter through the attack to understand its mechanism and retrieve the information that was used while exploiting the entry point.
Pentesting can be done automatically by software or manually. Basically, the method consists of gathering information about the target; searching for and selecting possible entry points in order to model the attack; attacking and breaking in, either virtually or for real; and lastly sending in a report on the findings.
In the case of automated pentesting of a website, the pentester just has to enter the URL of the website, such as http://www.haktuts.com, and the rest (finding vulnerabilities, exploiting them, generating the report, etc.) is taken care of by the software itself. In manual pentesting, everything from planning to finding vulnerabilities and generating the report is done by the pentester.
Strategies for Pentesting
Following are the main strategies used for pentesting:
Targeted Testing - in this type of pentesting, the test is conducted in a transparent, "lights-on" manner that is visible to both teams, the organization's IT team and the testing team, who work together.
Internal Testing - the test imitates an inside attack, usually performed by an authorized user behind the firewall who has standard access privileges. This is helpful for assessing how much damage an outsider or a disgruntled employee could cause.
External Testing - this test targets the company's externally visible servers or devices such as DNS, e-mail servers, web servers and firewalls. The purpose is to find out whether an outsider can gain access and, if so, how far they can reach and how much destruction could be caused.
Blind Testing - as the name suggests, this is conducted blindly by the tester, who is given only the company's name, in order to simulate the actions and procedures of a real attacker. Little information is revealed to the tester, and the test is time consuming as well as expensive.
Double Blind Testing - a blind test taken a step further. In this case only one or two people in the organization, other than the tester, know that the test is being performed. It helps in monitoring the organization's security and its response to the test, including identification of the incident.
Tools & Software for Pentesting
The top five free pentesting tools include:
1. Nmap (an acronym for Network Mapper) is a free security scanner used for managing service upgrade schedules and monitoring hosts and services. It helps determine which hosts are available on the network, which services those hosts offer, which operating systems they run, and what type of firewalls or packet filters are in use and their characteristics. Nmap works on all major OSes such as Linux, Windows and Mac OS X, and it includes a graphical user interface (Zenmap), a tool for comparing scan results (Ndiff), a data transfer, redirection and debugging tool (Ncat) and a tool for analysing the responses obtained (Nping). Nmap is popular, free, portable, powerful, easy to use, well documented and well supported. You can find further details at https://nmap.org/ and download it from https://nmap.org/download.html. You can try it for free at insecure.org/.
2. NESSUS, initially developed for NASA, is software that helps you understand the reliability of your design by treating the parameters of the existing model as random variables. It has a powerful interface, adopts advanced methods, and its graphical user interface comes in many versions so that it can be used on all major computer operating systems. The deterministic modelling tools used include finite element, boundary element and hydrocodes. Deterministic analysis can be used in NESSUS by combining probabilistic algorithms with numerical analysis methods to estimate the response and reliability of systems. SwRI developed it for NASA to analyze the performance of space shuttle engine components probabilistically. NESSUS is now being continually modified and designed for aerospace, automotive, biomechanics, geomechanics, nuclear waste packaging and rotordynamics applications. To download it, use the following link: www.tenable.com/products/nessus/select-your-operating-system.
3. Metasploit Framework is an open source tool that is part of the Metasploit Project. It has a modular approach that works by combining exploits with payloads. It runs on Windows, Linux and Mac OS X and has several interfaces as well as payloads. A payload is code that is executed on the target after a successful entry. It provides security information and helps in penetration testing. To use Metasploit Framework, download it from www.metasploit.com/.
4. Wireshark is another free and open source network analyzer, used for troubleshooting, analysis and software development. There is also a terminal-based, non-graphical version of Wireshark known as TShark. Wireshark is a cross-platform application whose user interface is built with the GTK+ and Qt widget toolkits. To capture packets it uses pcap, and it runs on Windows, Linux, OS X, Solaris, BSD and other UNIX-like operating systems. Wireshark is the world's foremost multi-platform network protocol analyzer and has several features that aid in pentesting. Its output can be exported to XML, CSV or plain text, and quick, intuitive analysis is made easy by the coloring rules that can be applied to packets. The tool can be obtained from https://www.wireshark.org/download.html.
5. KisMAC is a free wireless network discovery tool for Mac OS X aimed at security professionals; it scans passively on Apple's AirPort and AirPort Extreme. The software has various features: it reveals hidden, cloaked or closed SSIDs, discloses logged-in clients, can draw a map of the network coverage area, saves data in pcap format that can be loaded into Wireshark, and is AppleScript enabled. It was developed by Michael Rossberg and later passed on to Geoffrey Kruse. Unlike the other free tools listed here, KisMAC is not being actively developed. It was created in Germany but, because of German law, was banned there and moved to the USA, where it is now based. For further details see http://kismac-ng.org/. You can download it from the KisMAC (Mac) download page.
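The Nmap item above mentions comparing scan results with Ndiff, and the earlier section stresses that pentesting should be repeated regularly and after every network change. The following is an added example, not code from the original article or from the Nmap project: a small Ndiff-style comparison of two Nmap XML (-oX) reports, written in Python, that flags services which have appeared or disappeared since a baseline scan of your own hosts. The XML reports are constructed sample data for one host.

```python
# Added example, not from the original article: an Ndiff-style comparison of
# two Nmap -oX (XML) reports, so a scheduled scan of your own hosts can be
# checked for drift (newly exposed or vanished services). Sample XML is constructed.
import xml.etree.ElementTree as ET

# Constructed baseline scan of one host: SSH and HTTPS open.
BASELINE_XML = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host></nmaprun>"""

# Constructed follow-up scan: HTTPS is gone and an RDP listener has appeared.
CURRENT_XML = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host></nmaprun>"""


def open_ports(xml_text):
    """Map (addr, proto, port) -> service name for every open port on an up host."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr_el = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr_el is None:
            continue  # hosts that were down (or lack an IPv4 address) are skipped
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                svc = port.find("service")
                key = (addr_el.get("addr"), port.get("protocol"), int(port.get("portid")))
                result[key] = svc.get("name") if svc is not None else "unknown"
    return result


def diff_scans(baseline_xml, current_xml):
    """Return (newly_open, newly_closed): sets of (addr, proto, port, service)."""
    before, after = open_ports(baseline_xml), open_ports(current_xml)
    newly_open = {k + (after[k],) for k in after.keys() - before.keys()}
    newly_closed = {k + (before[k],) for k in before.keys() - after.keys()}
    return newly_open, newly_closed


if __name__ == "__main__":
    opened, closed = diff_scans(BASELINE_XML, CURRENT_XML)
    for addr, proto, port, svc in sorted(opened):
        print(f"NEW  {addr} {proto}/{port} ({svc})  <- was this change approved?")
    for addr, proto, port, svc in sorted(closed):
        print(f"GONE {addr} {proto}/{port} ({svc})")
```

Running it against real reports is a matter of reading two files produced with `nmap -oX` in place of the constructed strings; an unexpected "NEW" line is the cue to check whether the change was authorized.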
Advantages & Challenges of Pentesting
The advantages of pentesting are that it allows the vulnerable and exploitable security weaknesses of the target to be understood and identified, helps maintain the corporate image and in turn restores customer loyalty in the company. Further, through pentesting organizations are able to meet regulatory requirements and avoid fines and the costs of recovering from security breaches.
Alongside the advantages there are several challenges. A few of the challenges of pentesting include server outages, application availability problems and user account lockouts; the test itself may also be unique and complex, leading to several other problems. A lack of proper communication between the organization and the testers may add to these challenges.