Penetration testing &Ethical Hacking

Security Week 2013

• Hacked Companies

• Penetration Testing

• Vulnerability Scanning

• Security Services offered by Endava

Agenda

2

IN YOUR ZONE

Who I am

3

•Catanoi Maxim – Information Security Consultant at Endava

•Certifications:

• EC-Council, Certified Ethical Hacker

• EC-Council, Certified Security Analyst

• EC-Council, Licensed Penetration Tester

• SANS/GIAC Penetration Tester

• PCI-DSS, PCI Professional (Payment Card Industry)

•Over 9 years of experience in IT Security

IN YOUR ZONE

Hacked companies – 2011-2013

4

• 90% of 600 companies suffered a computer hack in the past 12 months

• 77% of companies were actually hacked multiple times

• The respondents reported having a very low confidence in their ability to prevent attacks

• Many believe they simply aren’t prepared

• 53% also believe they will experience an attack in the next 12 months.

IN YOUR ZONE

Who Attacked and Where

5

• 27% of respondents were willing to blame 3rd party business partners

• 40% could not conclusively determine the source of the attacks

IN YOUR ZONE

Increase in Attacks

6

• The last 12 – 18 months has seen an increase in the severity of the attacks

• 77% of companies reported that they were now losing more money with every attack

• 78% also said that the frequency of attacks was also on the increase

• Theft of information and business disruptions were the most serious results of a hack

IN YOUR ZONE

Hacked Companies – 2011-2013

7

• Sony and the PlayStation Network

• WordPress.com

• RSA

• Voice of America

IN YOUR ZONE

What is a Penetration Testing?

• A penetration test is a method of evaluating the security of a computer system or

network by simulating an attack from a malicious source

8

IN YOUR ZONE

Why Penetration Testing?

• Find Holes Now Before Somebody Else Does

• To make a point to decision makers about the need for action or resources

• Real-world proof of need for action

• Report Problems to Management

• Evaluate efficiency of security protection

• Security Training For Network Staff

• Discover Gaps In Compliance

• Testing New Technology

• Adopt best practice by confirming to legal regulations

9

IN YOUR ZONE

Penetration Testing types

• Network services test

• Client-side security test

• Application security test

• Passwords attack

•Wireless & Remote Access security test

• Social engineering test

• Physical security test

10

IN YOUR ZONE

Penetration Testing area

11

Security policies, procedures, and education

Policies, procedures, and awareness

Guards, locks, tracking devicesPhysical security

Application hardeningApplication

OS hardening, authentication, security update management, antivirus updates, auditing

Host

Network segments, NIDSInternal network

Firewalls, boarder routers, VPNs with quarantine procedures

Perimeter

Strong passwords, ACLs, backup and restore strategy

Data

IN YOUR ZONE

Penetration Testing profile

•Black Box

•White Box

•Grey Box

12

•External

• Internal

•Destructive

•None-destructive

•Announced

•Unannounced

IN YOUR ZONE

Penetration Testing methodology

• Proprietary methodologies:

• IBM

• ISS

• Found Stone

• EC-Council LPT

• Open source and public methodologies:

• OSSTIMM

• CISSP

• CISA

• CHECK

• OWASP

13

IN YOUR ZONE

Penetration Testing flow

• Scope/Goal Definition

• Information Gathering

• Vulnerability Detection/Scanning

• Information Analysis and Planning

• Attack& Penetration/Privilege Escalation

• Result Analysis & Reporting.

• Clean-up

14

REPEAT

IN YOUR ZONE

LPT Penetration Testing roadmap

15

IN YOUR ZONE

LPT Penetration Testing roadmap (cont)

16

IN YOUR ZONE

Who should perform a Penetration Test?

• This is a highly manual process

• Art of finding an open door

• An qualified expert from outside holding recognized certifications like CEH, ECSA, CISSP, CISA, CHECK

• Networking – TCP/IP contepts, cabling techniques

• Routers, firewalls, IDS

• Ethical Hacking techniques – exploits, hacking tools, etc…

• Databases – Oracle, MSSQL, mySQL

• Operation Systems – Windows, Linux, Mainframe, Mac

• Wireless protocols – Wifi, Bluetooth

• Web servers, mail servers, access devices

• Programming languages

• other

17

IN YOUR ZONE

What makes a good Penetration Test

• Establishing the parameter for penetration test such as objectives and limitation

• Hiring skilled and experienced professional to perform the test

• Choosing suitable set of tests that balance cost and benefits

• Following a methodology with proper planning and documentation

• Documenting the result carefully and making it comprehensible for the client

• Stating the potential risk and findings clearly in the final report

18

IN YOUR ZONE

Vulnerability Scanning – standalone service

• An established process for identifying

vulnerabilities on internal and external

systems

• Reduce the likelihood of a vulnerability

being exploited and potential compromise

of a system component

• Internal vulnerability scans should be

performed at least quarterly

19

IN YOUR ZONE

How often?

• On regular basis, at least annually

• Internal penetration test

• External penetration test

• Vulnerability scanning at least quarterly

• New network infrastructure or applications are added

• Significant upgrades or modifications are applied to infrastructure or applications

• New office locations are established

• Security patches are applied

• End user policies are modified

20

IN YOUR ZONE

Security Services Offered by Endava

21

• Regular External and Internal Vulnerability Scans

• Regular Penetration Tests

• PCI-DSS Assessment

• Implementing ISO 27001 and/or ISO 9001 Standards

• Security Trainings

• Security Consultation

• Security Audits

• Custom Security Solution

• Intrusion Monitoring Solution

• 24/7 Incident responding team

IN YOUR ZONE

Questions

22

IN YOUR ZONE

The end

23

Maxim Catanoi| IT Security Consultant

maxim.catanoi@endava.com

Tel +373 797 02900 |Skype en_mcatanoi

thank you