Monday, January 9, 2017

Security+ Topic - Vulnerability vs Penetration Testing

I had a college classmate who was in the computer security penetration testing business.  I always wondered what that must be like and finally got a small taste of it when I started using scanning tools on my own network.  I say that I only got a sample of it because I wasn't really doing any penetration testing at all.  What I was doing was simply looking for potential vulnerabilities.  There is a big difference between the two, which I am going to go over here.

Starting with vulnerability scanning, this is the easiest thing that you can do.  It starts with a basic scan of a network looking for any ports that may be open or any servers that you may be able to get access to.  By scanning the network for open ports, you could identify a rogue FTP server or someone who has set up a personal file server not allowed by company policy.  This plays into vulnerability scanning because of any old software that these systems may be running.  It doesn't even have to be a rogue device either, as you can scan your own equipment to see if there is anything showing on the network that shouldn't be.

A scan of the network can be much more than just a port scan.  A vulnerability scan is where you start to get into the meat of what a simple port scan turns up.  For basic network processing it is required that the listening software report back certain version or function information so that the software wanting to talk to the listening port knows what it is talking to and how to communicate.  The vulnerability scan will check that information against an internal database of vulnerabilities it is aware of.  As an example, the banner that it gets back could indicate an outdated FTP server that, when certain attacks are performed, allows login without a password.  The information gained could also give away the operating system, so that an attacker may know where to start on some specific attacks.  At this point in the game the vulnerability scanning is all about information gathering.  Gathering for the bad guys to find a hole, or gathering for the good guys to prevent a hole from being exploited.
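To make the two steps concrete (the port scan from the previous paragraph and the banner-to-database matching described here), the following is an added example, not code from the original post.  It stands up two throwaway listeners on 127.0.0.1 that greet clients with constructed banners, runs a TCP connect scan against them, reads each greeting, and looks the product and version up in a small constructed table.  `ExampleFTPd`, its version numbers and the `VULN_DB` entries are all made up for the demonstration; nothing here is real CVE data, and the scan never leaves the local machine.

```python
import socket
import threading
from dataclasses import dataclass
from typing import Optional

# Constructed vulnerability database (NOT real CVE data): product name ->
# list of (affected version prefix, description of the finding).
VULN_DB = {
    "ExampleFTPd": [("1.2.", "outdated ExampleFTPd 1.2.x; upgrade to 1.3 (constructed entry)")],
}


@dataclass
class Finding:
    port: int
    banner: str
    product: Optional[str]
    version: Optional[str]
    issue: Optional[str]


def parse_banner(banner: str):
    """Pull (product, version) out of a greeting such as '220 ExampleFTPd 1.2.7 ready'.

    The version is the first token after the status code that starts with a digit
    and contains a dot; the product is the token just before it.
    Returns (None, None) when no such token exists."""
    tokens = banner.split()
    for i, tok in enumerate(tokens):
        if i > 0 and tok[0].isdigit() and "." in tok:
            return tokens[i - 1], tok
    return None, None


def lookup(product: Optional[str], version: Optional[str]) -> Optional[str]:
    """Match product/version against VULN_DB; return the issue text or None."""
    if product is None or version is None:
        return None
    for prefix, issue in VULN_DB.get(product, []):
        if version.startswith(prefix):
            return issue
    return None


def scan_and_grab(host: str, ports, timeout: float = 0.5):
    """TCP connect scan: a successful connect means the port is open; the greeting
    the listener then sends is the data a vulnerability scanner matches on."""
    results = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    banner = s.recv(256).decode(errors="replace").strip()
                except socket.timeout:
                    banner = ""  # open port, but the service said nothing
        except OSError:
            continue  # closed or filtered: nothing to report
        product, version = parse_banner(banner)
        results.append(Finding(port, banner, product, version, lookup(product, version)))
    return results


def start_fake_service(banner: bytes):
    """Local throwaway listener that greets every client with `banner`; it plays
    the part of the post's rogue FTP server. Returns (port, stop_function)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def demo():
    """Scan two constructed local services and return the findings in port order."""
    old_port, stop_old = start_fake_service(b"220 ExampleFTPd 1.2.7 ready\r\n")
    new_port, stop_new = start_fake_service(b"220 ExampleFTPd 1.3.1 ready\r\n")
    try:
        return scan_and_grab("127.0.0.1", [old_port, new_port])
    finally:
        stop_old()
        stop_new()


if __name__ == "__main__":
    for f in demo():
        print(f"port {f.port}: {f.banner!r} -> {f.product} {f.version}: {f.issue or 'no known issue'}")
```

The point of the two listeners is the defender's view of the post's argument: the scan itself only tells you a port answers, and it is the version string in the greeting, checked against a maintained database, that turns "something is listening" into "this host needs patching".  A real scanner does the same matching with far larger databases and smarter fingerprinting, but the flow is identical.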

Now comes the next part: penetration testing.  Taking all of the previous information, we can then push forward with actually breaking into or getting into a remote system.  Penetration testing is simply the act of using exploit code or brute forcing your way through a barrier.  Sometimes an attacker can do a scan of the system and find that remote desktop is open.  Then they brute force their way into the system via the remote desktop protocol.  Another scenario is that the previous scan finds an exploit where, if they pass certain code to the remote desktop protocol, it overloads the service and then allows passwordless login.  Penetration testing can get quite in-depth, so the actual work could be performed by you or by a penetration testing company.  Usually these companies do a great job, as they don't care what you have in place.  What I mean by that is you may have some insecure way to initially connect and then use a secure method to go through the WAN.  Well, that penetration testing company will try anything, and if they find the hole you left open even though you thought it was secure, then you can bet on it eventually being exploited by the bad guys.  Better for an unbiased company to find it and report it to you than to deal with a security breach.
