EC-Council E-Business Certification Series
Copyright © by EC-Council
Developer - Thomas Mathew
Publisher - OSB Publisher
ISBN No - 0972936211
Copyright © by EC-Council
Developer - Thomas Mathew
Publisher - OSB Publisher
ISBN No - 0972936211
By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide provides the tools necessary for approaching computers with the skill and understanding of an outside hacker.
Introduction:This module attempts to bridge various aspects of ethical hacking by suggesting an approach for undertaking penetration testing. There are different ways of approaching a penetration test.
Introduction:This module attempts to bridge various aspects of ethical hacking by suggesting an approach for undertaking penetration testing. There are different ways of approaching a penetration test.
External ApproachWith some prior knowledge
Without prior knowledge
Internal Approach
With some prior knowledge
With deep knowledge
Whatever the approach adopted, it is a fact that penetration testing is constrained by time and availability of resources, which varies from client to client. To effectively utilize both these telling factors, penetration testers adopt some form of structure or methodology. These can be checklists developed by consulting practices, widely available resources such as Open Source Security Testing Methodology or a customized attack strategy.
There are is no single set of methodology that can be adopted across client organizations. The skeletal frame of testing however is more or less similar. The terms of reference used for various phases may differ, but the essence is the same. As discussed in preceding modules, the test begins with:
Footprinting / Information Gathering phase
Discovery and Planning / Information Analysis phase
Detecting a vulnerability / security loophole
Attack / Penetration / Compromise
Analysis of security posture / Cover up / Report
Clean up
The general objective of a penetration test is to reveal where security fails. The result of a penetration test can be:
successful attack - when the objective is met within the scope of the attack
a partial success - when there has been a compromise, but not enough to achieve the objective
a failure - when the systems have been found to be robust to the attack methodology adopted
Foot printing / Information Gathering phase:
Client site intelligence
Infrastructure fingerprinting
Network discovery and Access point discovery
Discovery and Planning / Information Analysis phase:
Target Identification
Resource and Effort Estimation
Modeling the Attack strategy (s)
Relationship Analysis
Detecting a vulnerability / security loophole:
Vulnerability Analysis
Scanning
Enumeration
Zeroing the target
Attack / Penetration / Compromise
Exploring viable exploits (new / created / present)
Executing the attack / Alternate attack strategy
Target penetration
Escalating the attack
Analysis of security posture / Cover up / Report
Consolidation of attack information
Analysis and recommendations
Presentation and deliverables
Clean up
Clean up tasks and proceduresRestoring security posture
Download :
EC-Council Exam 312-50 : Student Courseware
EmoticonEmoticon