Vulnerability Assessments and Penetration Tests

Video Activity

Time: 7 hours 50 minutes
Difficulty: Beginner
CEU/CPE: 8
Video Transcription
00:00
>> Hello. In this section, we'll talk a little bit about vulnerability assessments and penetration tests. This is where we find out whether our systems are configured the way they need to be.

Starting with vulnerability assessments. These are passive activities. What that means is the person conducting them is looking for vulnerabilities, but is not attempting to create an exploit. On the test, you might see references to the least intrusive method. Well, a vulnerability scan is going to be much less intrusive than a penetration test. They're pointing you in that direction, so what we're doing here in a vulnerability scan is looking for known vulnerabilities. These are things like weak passwords, open ports, unpatched systems, things that shouldn't be on the network but are. For example, unauthorized wireless access points. Now, an attacker would want this information. These scans can be used for good or for evil. Tools that we can use include sniffers and intrusion detection systems. These things examine traffic on the network that is going to a specific host or network segment. They look for encrypted traffic and so forth.

Now once we gather that information from a vulnerability scan, we can then move in as pen testers and do the active portion of the test, where we can try to create an exploit. For example, maybe I see that port 80 is open on a system. Can I send malware in through port 80? Now, pen testing is often referred to as ethical hacking, but it's only ethical if you have permission. You want permission from senior management, as high up as you can get it. Now, when you meet with leadership to talk about this, you'll have them complete a document called the rules of engagement. Many of us have worked off of a statement of work, and that can be fine for most things, but for a pen test you want a separate document that specifies what can be used and what can't be used. What are the rules of engagement? What servers can be scanned? What tools can be used? During what hours can the test occur? Are there exceptions? You want to make sure you aren't scanning the anesthesia server right in the middle of surgery, for example. That sign-off from senior leadership will protect you in the process.

Now, the way the steps of pen testing work, there's obviously planning that goes into it. As a matter of fact, vulnerability assessments are where you gather a lot of the information you'll be using in the pen test. That's the discovery piece. Then the actual exploit. We're using various tools to compromise a system or inject malware and so forth. But a lot of times, the system we gain access to is not our desired target. A lot of times we gain access to one system and then pivot to another system. For example, you gain access to John Smith's accounts. That way you can pivot to the domain controller or DNS server. Anytime you talk about pivoting, that means you're shifting to the real target. Then of course, at the end of the pen test you report on how it went. A pen tester's job is to test, not to correct. We don't fix problems as a pen tester. We simply test and report.

Now how much knowledge will your pen tester have? Well, it depends on what type of tests you want your pen testers to do. With the black-box test, you don't tell your pen testing team any information about the organization. They have to figure it out by researching your organization from publicly available sources. This phase is referred to as reconnaissance, and it really simulates how an external attacker could operate to try to exploit your system. A partial knowledge pen test simulates what a regular user might be able to do. The team has some information about the target and it's simulating an internal user attack. But they don't have full access to everything like a system administrator would have. A full knowledge test is where the pen testers are simulating what an internal system administrator could do. They have intimate knowledge of the target and they have full access as well. You really need to test all of these scenarios because you can't predict where the threats may come from.