Kevin Beaver - Hacking For Dummies

Learn to think like a hacker to secure your own systems and data

If you’re not sure what tools to use, fear not. Throughout this book, I introduce a wide variety of tools — free and commercial — that you can use to accomplish your tasks. Chapter 1 provides a list of commercial, freeware, and open-source tools. The appendix contains a comprehensive list of tools.

It’s important to know what each tool can and can’t do, as well as how to use each one. I suggest reading the manual or help files. Unfortunately, some tools have limited documentation, which can be frustrating. You can search forums and post a message if you’re having trouble with a specific tool, and you may get some help.

Security vulnerability scanning and exploit tools can be hazardous to your network’s health. Be careful when you use them. Always make sure that you understand what they are capable of before you use them. Try your tools on test systems if you’re not sure how to use them. Even if you’re familiar with the tools, this precaution can prevent DoS conditions and data loss on your production systems.

If you’re like me, you may despise some freeware and open-source security tools. Plenty of them have wasted hours or even days of my life that I’ll never get back. If these tools end up causing you more headaches than they’re worth or don’t do what you need them to do, consider purchasing commercial alternatives, which are often easier to use and typically generate much better reports. Some commercial tools are expensive, but their ease of use and functionality may justify the initial and ongoing costs. In most situations with security tools, you get what you pay for.

Chapter 4

Hacking Methodology

IN THIS CHAPTER

Examining steps for successful vulnerability and penetration testing

Gleaning information about your organization from the Internet

Scanning your network

Looking for vulnerabilities

Before you dive headfirst into your security testing, it’s critical to have a methodology to work from. Vulnerability and penetration testing involves more than poking and prodding a system or network. Proven techniques can guide you along the hacking highway and ensure that you end up at the right destination. Using a methodology that supports your testing goals separates you from the amateurs. A methodology also helps ensure that you make the most of your time and effort.

Setting the Stage for Testing

In the past, a lot of security assessment techniques involved manual processes. Now certain vulnerability scanners automate various tasks, from testing to reporting to remediation validation (the process of determining whether a vulnerability was fixed). Some vulnerability scanners can even help you take corrective actions. These tools allow you to focus more on performing the tests and less on the specific steps involved. Following a general methodology and understanding what’s going on behind the scenes will help you find the things that really matter.

Think logically — like a programmer, a radiologist, or a home inspector — to dissect and interact with all the system components to see how they work. You gather information, often in many small pieces, and assemble the pieces of the puzzle. You start at point A with several goals in mind, run your tests (repeating many steps along the way), and move closer until you discover security vulnerabilities at point B.

The process used for such testing is the same as the one that a malicious attacker would use. The primary differences lie in the goals and how you achieve them. Today’s attacks can come from any angle against any system — not just from the perimeter of your network and the Internet as you may have been taught in the past. Eventually, you’ll want to test every possible entry point, including partner, vendor, and customer networks, as well as home users, wireless networks, and mobile devices. Any human being, computer system, or physical component that protects your computer systems — both local and in the cloud — is fair game for attack, and it needs to be tested eventually.

When you start rolling with your testing, you may want to keep a log of the tests you perform, the tools you use, the systems you test, and your results. This information can help you do the following:

Track what worked in previous tests and why.

Prove what you did.

Correlate your testing with firewalls, intrusion prevention systems (IPSes), and other log files if trouble or questions arise.

Document your findings.
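The following is an added example, not code from the book: it keeps a structured test log and uses it to sort firewall events into those a logged test explains and those it does not. The firewall line format, the field names, the five-minute window, and all addresses (documentation ranges) are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

def log_test(log, tester_ip, tool, target, result, when=None):
    """Append one test record; UTC timestamps line up with device logs."""
    when = when or datetime.now(timezone.utc)
    entry = {"time": when.isoformat(), "tester_ip": tester_ip, "tool": tool,
             "target": target, "result": result}
    log.append(entry)
    return entry

def parse_fw_line(line):
    """Parse a constructed 'ISO-time ACTION src=IP dst=IP' line (hypothetical format)."""
    ts, action, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"time": datetime.fromisoformat(ts), "action": action,
            "src": kv["src"], "dst": kv["dst"]}

def correlate(test_log, fw_lines, window=timedelta(minutes=5)):
    """Split firewall events into those a logged test explains and those it does not."""
    explained, unexplained = [], []
    for ev in map(parse_fw_line, fw_lines):
        match = next((t for t in test_log
                      if t["tester_ip"] == ev["src"] and t["target"] == ev["dst"]
                      and abs(datetime.fromisoformat(t["time"]) - ev["time"]) <= window),
                     None)
        (explained if match else unexplained).append((ev, match))
    return explained, unexplained

# Constructed sample data (documentation-range addresses, not real systems).
TEST_LOG = []
log_test(TEST_LOG, "192.0.2.10", "port scanner", "198.51.100.5", "3 open ports found",
         when=datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc))
FW_LINES = [
    "2024-05-01T10:02:00+00:00 DENY src=192.0.2.10 dst=198.51.100.5",    # in window
    "2024-05-01T10:03:00+00:00 DENY src=203.0.113.77 dst=198.51.100.5",  # other source
    "2024-05-01T14:30:00+00:00 DENY src=192.0.2.10 dst=198.51.100.5",    # hours later
]

if __name__ == "__main__":
    explained, unexplained = correlate(TEST_LOG, FW_LINES)
    for ev, test in explained:
        print("explained by", test["tool"], "->", ev["dst"], ev["time"].isoformat())
    for ev, _ in unexplained:
        print("NOT in test log:", ev["src"], "->", ev["dst"], ev["time"].isoformat())
    print(json.dumps(TEST_LOG, indent=2))  # the log itself, ready to file with the report
```

Events that no test record explains are the ones to follow up on: they came either from someone else or from testing that was never written down.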

In addition to general notes, taking screen captures of your results (using Snagit, Snip & Sketch, or a similar tool) whenever possible is very helpful. These shots will come in handy later if you need to show proof of what occurred, and they’ll also be useful as you generate your final report. Also, depending on the tools you use, these screen captures may be your only evidence of vulnerabilities or exploits when the time comes to write your final report. Chapter 3 lists the general steps involved in creating and documenting a security testing plan.

Your main tasks are to find the vulnerabilities and to simulate the information gathering and system compromises carried out by someone with malicious intent — a partial attack on one computer, perhaps, or a comprehensive attack against the entire network. Generally, you look for weaknesses that malicious users and external attackers might exploit. Assess both external and internal systems (including processes and procedures that involve computers, networks, people, and physical infrastructures). Look for vulnerabilities. Check how all your systems interconnect and how private systems and information are (or aren’t) protected from untrusted elements.

These steps don’t include specific information on the methods that you use for social engineering and assessing physical security, but the techniques are the same. I cover social engineering and physical security in more detail in Chapters 6 and 7, respectively.

If you’re performing a security assessment for a client, you may go the blind assessment route, which means that you start with just the company name and no other information. This blind assessment approach allows you to start from the ground up and gives you a better sense of the information and systems that malicious attackers can access publicly. Whether you choose to assess blindly (covertly) or overtly, keep in mind that the blind way of testing can take longer, and you may have an increased chance of missing some (or many) security vulnerabilities. Blind assessment isn’t the ideal testing method, but some people may want it.
