Alternative Testing Methods
- Application Security: This type of testing is for organizations that offer access to core business functionality through web-based applications. Application security testing examines and qualifies controls over the application and its process flow.
- Denial-of-Service (DoS): Examines a network’s vulnerability to DoS attacks.
- War Dialing: A systematic method that calls a range of telephone numbers to identify modems, remote-access devices, and maintenance connections of systems that could operate on an organization’s network.
- Wireless Network: This examines the controls over an organization’s wireless access policies and prevents or removes any improperly configured devices that have been applied creating additional compromised security.
- Social Engineering: A testing method of social interaction techniques (typically used with the organization’s employees, suppliers, and contractors) that draws information and penetrates the organization’s systems.
Exploiting Vulnerabilities to Launch Attacks
- Default and Maintenance Accounts: Default and maintenance accounts are weaknesses that can be employed to access information systems especially default and maintenance accounts that still have preset or easily decoded passwords. Access to hardware by maintenance personnel can also qualify as a security violation.
- Data-Scavenging Attacks: Data scavenging is the method of assembling data bits over a duration and gradually piecing them together to obtain useful information. These are:
- Keyboard Attacks – uses normal utilities and tools to garner information available to normal system users who are sitting at the keyboard.
- Laboratory Attacks – uses advanced and specialized electronic equipment.
- Initial Program Load Vulnerabilities: The initial installation of a system is referred to as the initial program load (IPL) and harbors a unique set of vulnerabilities. During the IPL process the system administrator pulls up the facility’s system and can put the system into a single-user mode, void of important security features. In single-user mode the administrator has access to unauthorized programs or data, reset passwords, modification of various resources, and reassignment of the data ports or communications lines. In a local area network (LAN), a system administrator could also override the system’s security settings by booting the system from a tape, CD-ROM, or floppy disk.
- Social Engineering: In social engineering, an attacker employs social skills to gather information needed to corrupt information systems from an unsuspecting user. This can be sensitive information such as a password to secure access to a system. Social engineering can be achieved by:
- Impersonation – the attacker impersonates an authorized person and uses their qualifications to solicit information or to persuade an unsuspecting user to alter system settings.
- Intimidation – includes verbal abuse directed towards the user or threatening behavior to permit access or release information.
- Flattery – positive reinforcement used to impel the user into giving access or information for system access.
- Network Address Hijacking: An attacker may have capability of redirecting traffic from a server or network device to his or her personal system, by address modification or by network address hijacking. This method allows the perpetrator to seize traffic to and from the devices for data analysis or modification or to obtain password information from the server to access user accounts. By rerouting the data output, the intruder can gain administrator terminal functions and circumvent the system logs.
