Penetration Testing Learning Environment in TUAS
CAMIM meeting, Pecs, Hungary, 5th June 2013
Esko Vainikka, Principal Lecturer, CISSP. www.tuas.fi


Presentation Transcript


  1. Penetration Testing Learning Environment in TUAS
     CAMIM meeting, Pecs, Hungary, 5th June 2013
     Esko Vainikka, Principal Lecturer, CISSP
     www.tuas.fi

  2. What & Why
     • Many organizations do not know whether they are protected well enough against attacks by outsiders and/or their own insiders
     • The best way to determine the level of an organization’s information security is to audit and test the implemented security controls!
     • Penetration testing (pen testing) is also known as Ethical Hacking and White Hat hacking, but these names have a somewhat bad reputation
     • In penetration testing the tester emulates the actions that an attacker would attempt
     • Thus Sun Tzu’s sentence ”Know your enemy and know yourself, then your victory is never at risk” is a good starting point
     • The goal is to prove that the tester is able to compromise the targeted systems and that the vulnerabilities found will lead to e.g. loss of revenue unless properly addressed
     • In penetration testing, ethical and legal issues must always be taken into account
     • The pen tester must always have permission to do testing!
     • At least the approvals of the target organization, its service providers and the tester’s data communication operator are mandatory!

  3. What & Why
     • Penetration testing is often confused with vulnerability assessment, but it is much more
     • The biggest difference is that the vulnerabilities found are really exploited
     • Another difference is that the testing is attempted covertly, without alarm signals and flashing lights (as real intruders try to do)
     • The starting point of pen testing is always planning (which must be approved by the target organization), including possible signing of NDAs, and the last phase is reporting
     • Pen testing has an unofficial standard named Penetration Testing Execution Standard (PTES) (available at www.pentest-standard.org), which describes the 7 phases of pen testing:
         • Pre-engagement Interactions
         • Intelligence Gathering
         • Threat Modeling
         • Vulnerability Analysis
         • Exploitation
         • Post-Exploitation
         • Reporting

  4. Our Learning Goals
     • To get our students familiar with e.g.
         • real-world attackers’ activities
         • what kind of tools attackers use
         • what kind of security controls to use to protect against attackers
     • To learn how e.g.
         • to find different kinds of vulnerabilities in organizations’ security practices, OSs and software applications
         • attackers exploit these vulnerabilities
     • To utilize the environment for the lab work of our other information security courses, like
         • The basic course Information Security
         • Web Application Security
         • Virus and Malware Protection
     • One goal is of course to take part in Capture The Flag (CTF) competitions with success
     Note! The SANS organization’s training course ’Pen Test Berlin 2013’ is currently running in Berlin during our meeting

  5. Our Research Goals (some of them)
     • To study how attack tools really work and how to protect against them
     • To study how to find vulnerabilities in different operating systems and software applications
     • To study how so-called evasion techniques work and how to recognize attacks based on them
     • To study information security in wireless networks
     • To study the differences in information security of IPv4 and IPv6 networks
     • To find an effective method to teach penetration testing to the students
     • To develop an applicable method for testing software solutions’ security in our environment
     • To develop a concept for giving demonstrations to e.g. SME sector companies of attacks & intrusions and their impacts on business

  6. How – Infrastructure of the environment
     [Figure: network diagram of the environment in two parts (Part 1 and Part 2). Labels in the diagram: VMs, PCs, FWs, IDS/IPS, WLANs, Inet, other nets, SW, DCs, Router, DNS, DHCP, SRV, FW, 6 NICs.]

  7. How - Tools
     • In Part 1, in dedicated Virtual Machines
         • BackTrack 5 R3 & Kali Linux with some added tools, and other free tools (e.g. Rapid7’s Metasploit Community Edition)
         • Windows XP SP3 & Windows 7, and other operating systems (if needed) as target systems
         • Metasploitable 2 as a target system
         • Mutillidae and Kioptrix (Web applications) as target systems
         • Virtual and hardware firewalls, Snort, Wireshark, etc. as security controls and investigation tools (the systems’ log files will also be utilized)
         • Etc.
     • In Part 2, in dedicated Virtual Machines
         • Same as in Part 1, and
         • Rapid7’s Nexpose Enterprise vulnerability scanner (for centralized use)
         • AlienVault’s OSSIM (Open Source SIEM, Security Information and Event Management)
         • Symantec Corp.’s Endpoint Protection and Critical System Protection solutions (clients in Part 1’s suitable virtual machines) as security controls
         • OWASP’s WebGoat (Web applications) as a learning environment
         • Etc.

  8. How – Phases (Practical Work)
     • Phase 1
         • To get familiar with the tools and with the PTES standard
         • To learn to utilize them
     • Phase 2
         • To learn to plan penetration testing
         • To apply the tools for pen testing in our laboratory environment
     • Phase 3
         • To conduct pen testing against a real-world target organization (if available), either from our lab environment to the target, in the target’s own environment, or a mixture of them
         • Can also be realized by conducting pen testing against a target organization’s software application in our lab environment (Part 2)
     Note! The first application for pen testing in our environment will be the solution ’Database for SpectrumShare’ (a.k.a. solution for the use of TV White Space), created partly by our students

  9. Literature – Some books worth reading
     • Ramachandran, Vivek. 2011. BackTrack 5 Wireless Penetration Testing. Packt Publishing.
     • Engebretson, Patrick. 2011. The Basics of Hacking and Penetration Testing. Syngress.
     • Kennedy, David. 2011. Metasploit: The Penetration Tester’s Guide. No Starch Press.
     • Walker, Matt. 2011. CEH Certified Ethical Hacker: All-In-One Exam Guide. McGraw-Hill Osborne Media.
     • Pritchett, Willie & De Smet, David. 2012. BackTrack 5 Cookbook. Packt Publishing.
     • Singh, Abhinav. 2012. Metasploit Penetration Testing Cookbook. Packt Publishing.
     • Allen, Lee. 2012. Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide. Packt Publishing.
