
download free Certified Penetration Testing Engineer

Cyber Fox is an EC-Council accredited training center in Vijayawada, and this institute provides the best Certified Penetration Testing Engineer (CPTE) training in Vijayawada.

deepak556

Presentation Transcript


  1. Penetration testing & Ethical Hacking

  2. Agenda
     • Hacked Companies
     • Penetration Testing
     • Vulnerability Scanning
     • Security Services offered by Endava

  3. Who I am
     • Catanoi Maxim – Information Security Consultant at Endava
     • Certifications:
       • EC-Council, Certified Ethical Hacker
       • EC-Council, Certified Security Analyst
       • EC-Council, Licensed Penetration Tester
       • SANS/GIAC Penetration Tester
       • PCI-DSS, PCI Professional (Payment Card Industry)
     • Over 9 years of experience in IT Security
     IN YOUR ZONE

  4. Hacked companies – 2011-2013
     • 90% of 600 companies suffered a computer hack in the past 12 months
     • 77% of companies were actually hacked multiple times
     • The respondents reported having a very low confidence in their ability to prevent attacks
     • Many believe they simply aren't prepared
     • 53% also believe they will experience an attack in the next 12 months

  5. Who Attacked and Where
     • 27% of respondents were willing to blame 3rd party business partners
     • 40% could not conclusively determine the source of the attacks

  6. Increase in Attacks
     • The last 12–18 months have seen an increase in the severity of the attacks
     • 77% of companies reported that they were now losing more money with every attack
     • 78% also said that the frequency of attacks was on the increase
     • Theft of information and business disruptions were the most serious results of a hack

  7. Hacked Companies – 2011-2013
     • Sony and the PlayStation Network
     • WordPress.com
     • RSA
     • Voice of America

  8. What is Penetration Testing?
     • A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source

  9. Why Penetration Testing?
     • Find holes now before somebody else does
     • To make a point to decision makers about the need for action or resources
     • Real-world proof of need for action
     • Report problems to management
     • Evaluate efficiency of security protection
     • Security training for network staff
     • Discover gaps in compliance
     • Testing new technology
     • Adopt best practice by conforming to legal regulations

  10. Penetration Testing types
     • Network services test
     • Client-side security test
     • Application security test
     • Password attack
     • Wireless & Remote Access security test
     • Social engineering test
     • Physical security test

  11. Penetration Testing area
     • Data: strong passwords, ACLs, backup and restore strategy
     • Application: application hardening
     • Host: OS hardening, authentication, security update management, antivirus updates, auditing
     • Internal network: network segments, NIDS
     • Perimeter: firewalls, border routers, VPNs with quarantine procedures
     • Physical security: guards, locks, tracking devices
     • Policies, procedures, and awareness: security policies, procedures, and education

  12. Penetration Testing profile
     • Black Box
     • White Box
     • Grey Box
     • External
     • Internal
     • Destructive
     • Non-destructive
     • Announced
     • Unannounced

  13. Penetration Testing methodology
     • Proprietary methodologies:
       • IBM
       • ISS
       • Foundstone
       • EC-Council LPT
     • Open source and public methodologies:
       • OSSTMM
       • CISSP
       • CISA
       • CHECK
       • OWASP

  14. Penetration Testing flow
     • Scope/Goal Definition
     • Information Gathering
     • Vulnerability Detection/Scanning
     • Information Analysis and Planning
     • Attack & Penetration/Privilege Escalation
     • Result Analysis & Reporting
     • Clean-up
     (Repeat)

  15. LPT Penetration Testing roadmap

  16. LPT Penetration Testing roadmap (cont)

  17. Who should perform a Penetration Test?
     • This is a highly manual process
     • Art of finding an open door
     • A qualified expert from outside holding recognized certifications like CEH, ECSA, CISSP, CISA, CHECK
     • Networking – TCP/IP concepts, cabling techniques
     • Ethical hacking techniques – exploits, hacking tools, etc.
     • Operating systems – Windows, Linux, Mainframe, Mac
     • Web servers, mail servers, access devices
     • Routers, firewalls, IDS
     • Databases – Oracle, MSSQL, MySQL
     • Wireless protocols – Wi-Fi, Bluetooth
     • Programming languages
     • Other

  18. What makes a good Penetration Test
     • Establishing the parameters for the penetration test, such as objectives and limitations
     • Hiring skilled and experienced professionals to perform the test
     • Choosing a suitable set of tests that balances cost and benefits
     • Following a methodology with proper planning and documentation
     • Documenting the results carefully and making them comprehensible for the client
     • Stating the potential risks and findings clearly in the final report

  19. Vulnerability Scanning – standalone service
     • An established process for identifying vulnerabilities on internal and external systems
     • Reduce the likelihood of a vulnerability being exploited and potential compromise of a system component
     • Internal vulnerability scans should be performed at least quarterly

  20. How often?
     • On a regular basis, at least annually
     • Internal penetration test
     • External penetration test
     • Vulnerability scanning at least quarterly
     • New network infrastructure or applications are added
     • Significant upgrades or modifications are applied to infrastructure or applications
     • New office locations are established
     • Security patches are applied
     • End user policies are modified

  21. Security Services Offered by Endava
     • Regular External and Internal Vulnerability Scans
     • Regular Penetration Tests
     • PCI-DSS Assessment
     • Implementing ISO 27001 and/or ISO 9001 Standards
     • Security Training
     • Security Consultation
     • Security Audits
     • Custom Security Solution
     • Intrusion Monitoring Solution
     • 24/7 Incident Response Team

  22. Questions

  23. Contact us
     Cyber Fox Technology
     Address: 3rd Floor, Lohia Towers, Nirmala Convent Road, Patmata Distt. Krishna, Vijayawada (India)
     Contact Email: info@cyberfoxtechnology.org
     Mobile: +91-9652038194
     Website: http://cyberfoxtechnology.org
     Thank you
