Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It can be carried out with zero knowledge, full knowledge, or partial knowledge of the target network. Regardless of what is known about the network beforehand, the penetration test team typically starts with basic user access; its goal is to advance to root or administrator and gain control of the network or systems. Probably the most important step of a penetration test is the approval: without the signed consent of the network owner, stating what is in scope and when testing may occur, the penetration test team could very well be breaking the law. A generic model of a penetration test is listed here:
- Discovery: Identify and document information about the targeted organization, using sources that do not touch its systems directly.
- Enumeration: Use intrusive methods and techniques (port scans, service banners, directory listings) to gain more information about the targeted organization's systems.
- Vulnerability mapping: Map the findings from enumeration to known and potential vulnerabilities.
- Exploitation: Attempt to gain user and then privileged access by launching attacks against the vulnerabilities identified in the previous step.
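The enumeration and vulnerability-mapping steps, as an added example that is not part of the original page: a banner grab over TCP, followed by a lookup of the banner against a table of known weak versions. The product names and the issues in the table are constructed for illustration, and the scan runs offline against two throwaway services started on 127.0.0.1.

```python
import re
import socket
import threading

# Constructed banner-to-weakness table for this example. The product names and
# issues are hypothetical; a real engagement maps banners to entries from a
# vulnerability database rather than a hand-written list.
KNOWN_WEAK_BANNERS = [
    (re.compile(r"^ExampleFTP 1\.[0-2]\b"),
     "ExampleFTP 1.0-1.2: anonymous write access enabled by default (hypothetical)"),
    (re.compile(r"^ExampleSSH 2\.0\b"),
     "ExampleSSH 2.0: accepts weak key exchange (hypothetical)"),
]


def grab_banner(host, port, timeout=1.0):
    """Enumeration step: connect and record whatever the service volunteers.

    Returns None when the port is closed or filtered, "" when it is open but
    silent, and the banner text otherwise.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(256)
            except OSError:          # timeout or reset: open but nothing usable
                data = b""
    except OSError:
        return None
    return data.decode("ascii", "replace").strip()


def map_vulnerabilities(banner):
    """Vulnerability-mapping step: match the banner against known issues."""
    if not banner:
        return []
    return [issue for pattern, issue in KNOWN_WEAK_BANNERS if pattern.search(banner)]


def scan(host, ports):
    """Run enumeration and mapping over a port list; closed ports are omitted."""
    findings = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is None:
            continue
        findings[port] = {"banner": banner, "issues": map_vulnerabilities(banner)}
    return findings


def start_fake_service(banner):
    """Throwaway TCP service that greets every client with `banner`.

    Constructed test target so the scan runs offline against 127.0.0.1.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Reserve and release a port so that nothing is listening on it."""
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Scan two fake services and one closed port; returns findings and ports."""
    weak = start_fake_service(b"ExampleFTP 1.1 ready\r\n")
    patched = start_fake_service(b"ExampleSSH 3.1\r\n")
    closed = closed_port()
    return scan("127.0.0.1", [weak, patched, closed]), weak, patched, closed


if __name__ == "__main__":
    findings, *_ = demo()
    for port, info in sorted(findings.items()):
        print(f"{port}: {info['banner']!r} -> {info['issues'] or 'no known issues'}")
```

The same structure carries over to a real engagement: the enumeration output (banner, version, exposed paths) is the evidence, and the mapping is only as good as the table it is checked against, so unmatched banners still need manual review before the exploitation step.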
Penetration testing can be performed with the full knowledge of the security staff, as a blind test, or as a double-blind test. In a blind test the testers use only publicly available information, but the security staff knows the test is taking place. In a double-blind test the testers again use only publicly available information, and the security staff is not notified of the event. A double-blind test therefore also lets the organization observe how its security staff detect and react to what looks like a real attack.
The following other types of tests should be considered beyond basic penetration tests:
- Application security testing: Many organizations offer access to core business functionality through web-based applications, which gives attackers a large potential target. Application security testing verifies that the controls over the application and its process flow are adequately designed and actually enforced.
- Denial-of-service (DoS) testing: The goal of DoS testing is to evaluate the network's susceptibility to DoS attacks. Because such a test can take production systems down, it needs explicit authorization and an agreed test window.
- War dialing: War dialing is an attempt to systematically call a range of telephone numbers to identify modems, remote-access devices, and maintenance connections of computers that could exist on an organization's network.
- Wireless network testing: This form of testing is done to verify the organization's wireless access policies and to ensure that no misconfigured or unauthorized devices have been introduced that create additional security exposures.
- Social engineering testing: This form of penetration test uses social interaction, typically with the organization's employees, suppliers, and contractors, to gather information and penetrate the organization's systems.
A honeypot is much like an IDS, in that it is another tool for detecting intrusion attempts. A honeypot is really a tool of deception: its purpose is to fool an intruder into believing that the honeypot is a vulnerable computer. Honeypots usually contain phony files, services, and databases to attract and entrap an attacker. For these lures to be effective, they must adequately persuade the attacker that they have discovered a real system. Some honeypot vendors sell products that can simulate an entire network, including routers and hosts, on a single workstation. Honeypots are effective because real servers generate large amounts of legitimate traffic, which makes malicious activity hard to pick out. A honeypot can instead be deployed as a separate server with no production role; because nothing legitimate has any reason to connect to it, every connection is suspect, and potential intrusions are easy to detect.
Honeypots can therefore be configured so that administrators are alerted as soon as the honeypot is touched and have time to plan a defense of the real network. The downside is that, like any other security system on the network, honeypots require time and configuration, and administrators must spend time monitoring them. In addition, if an attacker successfully compromises the honeypot, he now has a base from which to launch further attacks, so the honeypot should be isolated from production systems and should not act on anything the intruder sends it.
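A minimal low-interaction honeypot of the kind described above, as an added example that is not part of the original page: it listens on a port, presents a fake service banner, records what the intruder sends, and raises an alert on every connection, since no production client should ever reach it. The banner text and hostname are assumptions, and the "intruder" is a constructed client so the whole thing runs offline on 127.0.0.1.

```python
import socket
import threading
import time
from datetime import datetime, timezone

# Hypothetical greeting chosen to look like a real FTP server; the hostname is
# an assumption for this example.
FAKE_BANNER = b"220 ftp.corp.example FTP server ready\r\n"
MAX_CAPTURE = 512  # bytes of intruder input to keep per connection


class Honeypot:
    """Low-interaction honeypot: speaks a banner, records what it receives.

    Nothing the intruder sends is parsed or executed, which limits the risk of
    the honeypot itself becoming a base for further attacks.
    """

    def __init__(self, host="127.0.0.1", port=0):
        self.events = []
        self._lock = threading.Lock()
        self._srv = socket.socket()
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))
        self._srv.listen(16)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, addr = self._srv.accept()
            except OSError:
                return
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        captured = b""
        with conn:
            conn.settimeout(3.0)
            try:
                conn.sendall(FAKE_BANNER)
                # Read until the intruder hangs up, the cap is hit, or they go quiet.
                while len(captured) < MAX_CAPTURE:
                    chunk = conn.recv(MAX_CAPTURE - len(captured))
                    if not chunk:
                        break
                    captured += chunk
            except OSError:
                pass
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "source": addr,
            "payload": captured,
        }
        with self._lock:
            self.events.append(event)
        self.alert(event)

    def alert(self, event):
        # No production client has any reason to connect, so every event is an alert.
        print(f"ALERT honeypot:{self.port} contact from {event['source']} "
              f"payload={event['payload']!r}")

    def wait_for_events(self, count, timeout=5.0):
        """Block until `count` events are recorded or the timeout passes."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.events) >= count:
                    return list(self.events)
            time.sleep(0.05)
        with self._lock:
            return list(self.events)


def simulate_intruder(port, payload):
    """Constructed attacker: read the banner, send a credential probe, hang up."""
    with socket.create_connection(("127.0.0.1", port), timeout=3.0) as s:
        banner = s.recv(256)
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
    return banner


if __name__ == "__main__":
    hp = Honeypot()
    print("banner:", simulate_intruder(hp.port, b"USER admin\r\nPASS hunter2\r\n"))
    print(hp.wait_for_events(1))
```

In practice the alert would go to the SIEM or paging system rather than stdout, and the capture (source address, timestamp, first bytes sent) is what the responders use to decide whether the rest of the network is being probed as well.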
**Source: Wikipedia**