Kevin Beaver - Hacking For Dummies

Knowledge of the systems before testing: You don’t need extensive knowledge of the systems you’re testing — just basic understanding, which protects both you and the tested systems. Understanding the systems you’re testing shouldn’t be difficult if you’re testing your own in-house systems. If you’re testing a client’s systems, you may have to dig deeper. Only one or two clients have asked me for a fully blind assessment.Most IT managers and others who are responsible for security may be scared of blind assessments, which can take more time, cost more, and be less effective. Base the type of test you perform on the organization’s or client’s needs.

Actions to take when a major vulnerability is discovered: Don’t stop after you find one or two security holes; keep going to see what else you can discover. I’m not saying that you should keep testing until the end of time or until you crash all your systems; ain’t nobody got time for that! Instead, simply pursue the path you’re going down until you can’t hack it any longer (pun intended). If you haven’t found any vulnerabilities, you haven’t looked hard enough. Vulnerabilities are there. If you uncover something big such as a weak password or SQL injection on an external system, you need to share that information with the key players (developers, database administrators, IT managers, and so on) as soon as possible to plug the hole before it’s exploited.

The specific deliverables: Deliverables may include vulnerability scanner reports and your own distilled report outlining important vulnerabilities to address, along with recommendations and countermeasures to implement.

As in any project, if you don’t have the right tools for your security testing, you’ll have difficulty accomplishing the task effectively. Having said that, just because you use the right tools doesn’t mean that you’ll discover all the right vulnerabilities. Experience counts.

Know the limitations of your tools. Many vulnerability scanners and testing tools generate false positives and negatives (incorrectly identifying vulnerabilities). Others skip vulnerabilities. In certain situations, such as testing web applications, you have to run multiple vulnerability scanners to find all the vulnerabilities.

Many tools focus on specific tests, and no tool can test for everything. For the same reason that you wouldn’t drive a nail with a screwdriver, don’t use a port scanner to uncover specific network vulnerabilities or a wireless network analyzer to test a web application. You need a set of specific tools for the task. The more (and better) tools you have, the easier your security testing efforts will be.

Make sure that you’re using tools like these for your tasks:

To crack passwords, you need cracking tools such as Ophcrack and Proactive Password Auditor.

For an in-depth analysis of a web application, a web vulnerability scanner (such as Acunetix Web Vulnerability Scanner or Probely) is more appropriate than a network analyzer (such as Wireshark or OmniPeek).

The capabilities of many security and hacking tools are misunderstood. This misunderstanding has cast a negative light on otherwise excellent and legitimate tools; even government agencies around the world are talking about making them illegal. Part of this misunderstanding is due to the complexity of some of these security testing tools, but it’s largely based in ignorance and the desire for control. Whichever tools you use, familiarize yourself with them before you start using them. That way, you’re prepared to use the tools in the ways that they’re intended to be used. Here are ways to do that:

Read the readme and/or online help files and FAQs (frequently asked questions).

Study the user guides.

Use the tools in a lab or test environment.

Watch tutorial videos on YouTube (if you can bear the poor production of most of them).

Consider formal classroom training from the security-tool vendor or another third-party training provider, if available.

Look for these characteristics in tools for security testing:

Adequate documentation

Detailed reports on discovered vulnerabilities, including how they might be exploited and fixed

General industry acceptance

Availability of updates and responsiveness of technical support.

High-level reports that can be presented to managers or nontechnical types (especially important in today’s audit- and compliance-driven world)

These features can save you a ton of time and effort when you’re performing your tests and writing your final reports.

Good security testing takes persistence. Time and patience are important. Also, be careful when you’re performing your tests. A criminal on your network or a seemingly benign employee looking over your shoulder may watch what’s going on and use this information against you or your business.

Making sure that no hackers are on your systems before you start isn’t practical. Just be sure to keep everything as quiet and private as possible, especially when you’re transmitting and storing test results. If possible, encrypt any emails and files that contain sensitive test information or share them via a cloud-based file sharing service.

You’re on a reconnaissance mission. Harness as much information as possible about your organization and systems — much as malicious hackers do. Start with a broad view and narrow your focus. Follow these steps:

1 Search the Internet for your organization’s name, its computer and network system names, and its IP addresses.Google is a great place to start.SAMPLE SECURITY TESTING TOOLSWhen selecting the right security tool for the task, ask around. Get advice from your colleagues and from other people via Google, LinkedIn, and YouTube. Hundreds, if not thousands, of tools are available for security tests. Following are some of my favorite commercial, freeware, and open-source security tools:Acunetix Web Vulnerability ScannerCain & AbelBurp SuiteCommView for WiFiElcomsoft System RecoveryLUCYManageEngine Firewall AnalyzerMetasploitNessusNetScanTools ProNetsparkerOmniPeekProactive Password AuditorProbelyQualysSoftPerfect Network ScannerI discuss these tools and many others in Parts 2through 5in connection with specific tests. The appendix contains a more comprehensive list of these tools for your reference.

2 Narrow your scope, targeting the specific systems you’re testing.Whether you’re assessing physical security structures or web applications, a casual assessment can turn up a lot of information about your systems.

3 Further narrow your focus by performing scans and other detailed tests to uncover vulnerabilities on your systems.

4 Perform the attacks and exploit any vulnerabilities you find (if that’s what you choose to do).

Check out Chapters 4and 5for information and tips on this process.

Assess your results to see what you’ve uncovered, assuming that the vulnerabilities haven’t been made obvious before now. Knowledge counts. Your skill in evaluating the results and correlating the specific vulnerabilities discovered will get better with practice. You’ll end up knowing your systems much better than anyone else does, which will make the evaluation process much simpler moving forward.

Submit a formal report to management or to your client outlining your results and any recommendations you need to share. Keep these parties in the loop to show that your efforts and their money are well spent. Chapter 17describes the security assessment reporting process.