Read the book Penetration Testing For Dummies - Robert Shimonski - Page 18

TAKING A HOLISTIC VIEW OF SECURITY


Understanding an organization’s business model and industry enables you to take a holistic approach to security practices. Gaining that holistic view may require programming, network engineering, and system engineering, as well as understanding endpoints, desktops, storage, and many other systems and services. This doesn’t mean you can’t practice security if you don’t have all these other skills, but it definitely makes a difference in your ability to strategize and lead a security effort, and/or to respond to security threats, breaches, and attacks with better efficiency.

A holistic view of security is also known as defense in depth. Confidentiality, integrity, and availability (CIA) make up a triad, and defense in depth and pen testing help to secure it. That is essentially the entire holistic view of practicing security in an organization.

The more you know about security and network architecture, the more confidently you can conduct a pen test. For example, to run a basic pen test, you need to enter a network address or subnet range in your scanning tool.

You also need to know the difference between vulnerability scanning and pen testing: why they’re similar and how they’re different. Figure 1-1 shows the basics of setting up an IP addressing range to scan and identify vulnerabilities. After you know the risks and weaknesses, you can then move into the details on how to exploit (pen test) what has been found so you can learn whether the technology is secured.

FIGURE 1-1: Adding an IP range to scan.
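
A range entry like the one described above can be checked before any scan is started: how many addresses does it really cover, and does it stay inside the networks approved for testing? The following is an added example, not code from the book; the approved networks and sample entries are constructed, and `parse_range` and `check_entry` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: networks approved for testing (assumption, not from the book).
APPROVED_SCOPE = ["10.20.0.0/22", "192.168.50.0/24"]


def parse_range(entry):
    """Turn a scanner-style entry into a list of ip_network objects.

    Accepts a single address, CIDR notation, or a dashed start-end range.
    """
    entry = entry.strip()
    if "-" in entry:
        start_text, end_text = (part.strip() for part in entry.split("-", 1))
        start = ipaddress.ip_address(start_text)
        end = ipaddress.ip_address(end_text)
        if start.version != end.version or int(end) < int(start):
            raise ValueError(f"invalid range: {entry}")
        # Minimal set of CIDR blocks that covers exactly start..end.
        return list(ipaddress.summarize_address_range(start, end))
    # strict=False lets "10.20.1.7/24" mean the network containing that host.
    return [ipaddress.ip_network(entry, strict=False)]


def check_entry(entry, approved=APPROVED_SCOPE):
    """Report how many addresses an entry covers and which blocks are out of scope."""
    scope = [ipaddress.ip_network(net) for net in approved]
    blocks = parse_range(entry)
    # A block is in scope only if it fits entirely inside one approved network.
    out_of_scope = [
        str(block) for block in blocks
        if not any(block.version == net.version and block.subnet_of(net)
                   for net in scope)
    ]
    return {
        "entry": entry,
        "blocks": [str(block) for block in blocks],
        "addresses": sum(block.num_addresses for block in blocks),
        "in_scope": not out_of_scope,
        "out_of_scope": out_of_scope,
    }


if __name__ == "__main__":
    # Constructed entries, including a /16 typed where a smaller range was meant.
    for text in ["10.20.1.0/24", "192.168.50.10-192.168.50.20", "10.20.0.0/16"]:
        print(check_entry(text))
```

The last sample entry shows why the check matters: a single mistyped prefix length turns a 256-address range into 65,536 addresses, most of them outside the approved networks.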

It’s also crucial to understand IP, protocols, networking, and other technologies related (and also not directly related) to security analysis because as weaknesses are identified (perhaps with a scan), you can then move to exploit them (pen test) no matter what technology you’re presented with (databases, mainframes, or virtualized systems, for example).

In the following sections, I outline what knowledge you need to be a successful pen tester.

As a pen tester you leave no stone unturned, and you need to expect anything and everything. You are tested just as much as the systems you’re testing. Additionally, criminal activity isn’t confined to computers. The Internet of Things (IoT) is an ever-expanding network of connected devices that includes, but is not limited to, tablets, phones, and smart-home devices such as TVs and thermostats. You may not encounter all those devices while working as a professional pen tester in the corporate world, but you need to be aware of all connected devices. And when you’re pen testing, take time to find out which devices could be affected, such as mobile devices and assets used by field staff.

Also be aware of a hacker’s reconnaissance procedures. Hackers often begin attacks by using general research techniques, such as Internet searches that point a hacker in a direction, to learn more about accessing your company. For example, a simple Whois search might provide an address. A DNS search or query could provide a clue. Google searches may help to identify paths of attack, URLs, domain names, IPs, email addresses, and more. See Chapter 2 for more about reconnaissance.
