Penetration Testing – How it is Performed and Types
A penetration test, or pen-test, is an effort to measure the security of an IT infrastructure by safely attempting to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services, and application defects, improper configurations, or insecure end-user behavior. Such assessments are also useful for confirming the effectiveness of defensive controls, as well as end-user adherence to security policies.
Penetration tests are generally executed using manual or automated techniques to systematically compromise endpoints, servers, web applications, network devices, wireless networks, mobile devices, and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits against other internal resources, specifically by trying to incrementally gain higher levels of privilege and wider access to electronic assets and data through privilege escalation.
Information about the vulnerabilities successfully exploited during a penetration test is typically aggregated and presented to IT and network system managers to help them make informed decisions and prioritize remediation efforts. The basic intention of penetration testing is to evaluate the feasibility of a system or end-user compromise and to assess the consequences such an incident may have on the affected resources or operations.
Who Executes Pen-testing?
It is done by network specialists, testers, security consultants, or administrators.
It is critical to note that pen-testing is not the same as vulnerability testing. The aim of vulnerability testing is only to discover possible problems, whereas pen-testing attempts to exploit those problems.
The good thing is that you do not have to start the procedure from scratch; there are tools available in the market.
Even though you design the test, deciding what to approach and how to leverage it, several tools available in the market help address the problem and gather data rapidly, which in turn enables a thorough security analysis of the system.
Before we look into the particulars of the tools, what they do, where you can acquire them, and so on, you should know that pen-testing tools can be sorted into two kinds: scanners and attackers. This is because pen-testing is about tapping the weak spots. Some software packages and tools show the weak spots, and some establish a foothold and attack. Strictly speaking, the tools that only show weaknesses are not pen-testing tools, but they are essential to its success.
Types of Penetration Tests
There are several types of penetration tests. They include network services penetration tests, client-side penetration tests, web application penetration tests, remote dial-up war dialing, wireless security penetration tests, and social engineering penetration tests.
Client-side test: This is intended to find vulnerabilities in client-side software, such as web browsers, media players, document editing programs, and so on.
Network services test: One of the most common types of penetration test, it involves finding target systems on the network, looking for openings in the base operating systems and other available network services, and exploiting them remotely. Some of these penetration tests take place remotely across the Internet, targeting the organization's networks from outside. Others are launched from within the organization's own facilities, to assess the security of the network from the inside and see what kinds of vulnerabilities an internal user could discover.
Web application test: These tests look for security vulnerabilities in the web-based applications and programs deployed and installed in the target environment.
Remote dial-up war dial: These penetration tests look for modems, and normally involve password guessing or brute forcing to log into the systems connected to the discovered modems.
Wireless security test: These penetration tests involve surveying a target's physical environment to find unauthorized wireless access points, or access points with security weaknesses.
Social engineering test: This type of test involves tricking a user into revealing sensitive information such as a password or other sensitive data. These tests are often conducted over the phone against selected help desks and users, evaluating processes, procedures, and awareness.
Penetration Testing Software
The Top Pen Testing Tools Today
It is a package of different pen testing tools. It is essentially a framework, which is constantly evolving to keep up with modern-day threats. It is used worldwide by cybersecurity professionals, including Certified Ethical Hackers. This package is powered by the PERL platform, with an entire host of built-in exploits to execute any kind of pen test, and it is customizable too.
Nmap
The Network Mapper, as the name implies, is primarily a tool for discovering weaknesses or holes in a corporation's network environment. It can also be used for auditing purposes, and it uses raw data packets to determine the following:
- What hosts are available on a particular network trunk or segment;
- Information about the services being provided by these hosts;
- What operating system is being used;
- The versions and types of packet filters/firewalls being used by any particular host.
Using Nmap, you can create a virtual map of the network segment and, from there, pinpoint the major areas of weakness that an attacker could penetrate without any difficulty. This tool can be used at any stage of the pen testing process, and it has built-in scripting features to help automate the testing. It comes in both command-line and GUI (known as "Zenmap") forms.
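The "virtual map" described above is what a tester builds from Nmap's XML output (the `-oX` option). The following added example (not Nmap's own code, nor part of the original article) parses a constructed sample of that format into a per-host summary of OS guess and open services, and flags open cleartext services as the first weak spots to report; the `CLEARTEXT_SERVICES` set is an assumption for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's XML output (nmap -oX), cut
# down to the elements read below; it does not describe any real network.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
    <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
  </ports><os><osmatch name="Linux 5.4" accuracy="96"/></os></host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="192.0.2.12" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx" version="1.18.0"/></port>
    <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
  </ports></host>
</nmaprun>"""

# Services that carry logins or data in cleartext: the first "weak spots"
# a tester would flag on the map (assumed list for this example).
CLEARTEXT_SERVICES = {"telnet", "ftp", "http", "pop3", "imap", "smtp"}


def parse_nmap_xml(xml_text):
    """Build the virtual map: one entry per live host with its OS guess
    and each open port's number, service name and product/version."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue  # down hosts contribute nothing to the map
        osmatch = host.find("os/osmatch")  # absent when OS detection found nothing
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposures
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            product = " ".join(filter(None, (attrs.get("product"), attrs.get("version"))))
            services.append({"port": int(port.get("portid")),
                             "name": attrs.get("name", "unknown"), "product": product})
        hosts.append({"addr": host.find("address[@addrtype='ipv4']").get("addr"),
                      "os": osmatch.get("name") if osmatch is not None else "unknown",
                      "services": services})
    return hosts


def cleartext_exposures(hosts):
    """List (addr, port, service) for every open cleartext service."""
    return [(h["addr"], s["port"], s["name"]) for h in hosts
            for s in h["services"] if s["name"] in CLEARTEXT_SERVICES]
```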
John the Ripper
One of the biggest cybersecurity threats is the inherent weakness of the traditional password, and this is one of the hottest areas in pen testing. One of the best-known tools is "John the Ripper", commonly abbreviated as "JTR". There is nothing too complex about it; its elegance is its simplicity. Pen testers use it to launch dictionary attacks to find weak passwords in a credential database. The tool takes text string samples containing the most common and most complex words found in a traditional dictionary. These samples are hashed in the same format as the password being cracked, and the output is compared to the actual stored hash to identify weak passwords. A strong advantage is that it can be modified to test for all varieties of dictionary attack.
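The mechanism just described, as an added example for auditing your own password store (this is not John the Ripper's code and not part of the original article): each dictionary word, plus a few JTR-style mangling variants, is hashed exactly as the store hashes passwords and compared against the stored digest. The salted SHA-256 store format, the wordlist and the user records are all constructed for this example.

```python
import hashlib
import hmac

# Constructed stand-in for the wordlist JTR draws candidates from.
WORDLIST = ["password", "letmein", "summer2023", "correcthorse", "admin"]


def hash_password(salt, password):
    """The store's own hash format: hex SHA-256 over salt + password
    (an assumption for this example; JTR reads whatever format the
    target system actually used)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed password store, user -> (salt, digest), built inline so the
# audit runs offline. 'bob' uses a password the wordlist cannot derive.
STORE = {
    "alice": ("s1", hash_password("s1", "letmein")),
    "bob": ("s2", hash_password("s2", "Tr0ub4dor&3-unique")),
    "carol": ("s3", hash_password("s3", "Summer2023")),
    "dave": ("s4", hash_password("s4", "Admin1")),
}


def candidates(word):
    """A few JTR-style mangling rules on one dictionary word: as typed,
    capitalised and lower-cased, each with a common suffix appended."""
    for base in (word, word.capitalize(), word.lower()):
        for suffix in ("", "1", "!", "123"):
            yield base + suffix


def dictionary_audit(store, wordlist):
    """Mimic JTR's dictionary mode: hash every candidate the way the store
    does and compare digests. Returns {user: matched_candidate} for each
    account whose password is dictionary-derived (the ones to reset)."""
    weak = {}
    for user, (salt, digest) in store.items():
        for word in wordlist:
            for cand in candidates(word):
                if hmac.compare_digest(hash_password(salt, cand), digest):
                    weak[user] = cand
                    break
            if user in weak:
                break
    return weak
```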
Wireshark
This tool is a network protocol and packet analyzer that examines traffic for security weaknesses. The data can be collected from:
- IEEE 802.11
- Bluetooth
- Token Ring
- Frame Relay
- IPsec
- Kerberos
- SNMPv3
- SSL/TLS
- WEP
- Any Ethernet-based connection
One of the advantages of using Wireshark is that the analysis results come out in a form that even the client can understand at first glance.
Other tools include:
- Kismet
- Nessus Vulnerability Scanner
- THC Hydra
- Social Engineering Toolkit