Read the book Penetration Testing For Dummies - Robert Shimonski - Page 26

Deciding How and When to Pen Test


When you conduct any pen test, your goal is to have a strategy.

You can blindly run tests to see what you find; you can also try to penetrate systems to find whether there are any weaknesses. That’s fine for any scans or tests you conduct weekly or monthly to assess your overall security posture, which is the status of the security of your company’s software and hardware, networks, services, and information. The state of your security posture should be evaluated regularly and take into account your readiness and ability to react to and recover from incidents.

Sometimes you want to go deeper and really test your security posture by conducting specific attacks, such as penetration, stealth operations, destroy attacks, and overwhelm attacks. For example, if you believe a hacker’s goal is to gain access to files from outside of your corporate network, your goal should be to assess that threat using your tools.

You also want to conduct both internal and external tests. You never know where your attacks might originate from.

It's essential to have a high-level view of the vectors an attack may come from: both those within your trusted network (with trusted users) and those that originate outside your security perimeter from untrusted users. An external attack might come from an untrusted outside user of a website you host in your network (usually in a demilitarized zone [DMZ]) who finds a vulnerability that allows them to access resources inside your trusted network. An internal attack, by contrast, originates from inside your network and so easily evades all the perimeter security, such as firewalls and access control lists.

Either way, you can run scans using Nessus (see Figure 1-6) to see whether either of those vectors produces the result you don’t want, which is a hacker gaining access to your systems without your knowledge.

In Part 2, I discuss how to select the right tool and how to analyze for weaknesses that could cause your enterprise, brand, and data great harm if not fixed or monitored.


FIGURE 1-6: Use Nessus to conduct an assessment.

You need to find the right balance between security and assessment. You might know of a hack, but not be able to fix it. A completely 100 percent secure system is usually unusable to anyone. Networks and systems were made to be used and that means leaving ports open. For example, the Internet generally requires that port 80 (HTTP) be left open.
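To make the internal/external comparison and the "some ports must stay open" point concrete, here is an added example (not from the book, and not Nessus output) that checks scan findings from both vantage points against an intended-exposure policy. The host names, zones, ports, and policy are all constructed assumptions.

```python
# Added example: constructed data, not Nessus output or code from the book.
from collections import namedtuple

Finding = namedtuple("Finding", "vantage host zone port")

# Assumed policy: ports each zone is meant to offer to each vantage point.
POLICY = {
    ("external", "dmz"): {80},        # the hosted website must stay reachable
    ("external", "trusted"): set(),   # nothing inside should be visible outside
    ("internal", "dmz"): {80, 22},
    ("internal", "trusted"): {22, 445},
}

# Constructed open-port findings from an external and an internal scan.
SCAN = [
    Finding("external", "web01", "dmz", 80),
    Finding("external", "web01", "dmz", 22),
    Finding("external", "files01", "trusted", 445),
    Finding("internal", "web01", "dmz", 80),
    Finding("internal", "files01", "trusted", 445),
    Finding("internal", "files01", "trusted", 3389),
]

def unexpected_exposure(findings, policy):
    """Return findings the policy does not allow, most serious first."""
    def severity(f):
        # A trusted-zone service seen from outside the perimeter is the worst case.
        if f.vantage == "external" and f.zone == "trusted":
            return 0
        return 1 if f.vantage == "external" else 2
    extra = [f for f in findings
             if f.port not in policy.get((f.vantage, f.zone), set())]
    return sorted(extra, key=lambda f: (severity(f), f.host, f.port))

def report(findings, policy):
    """Format the unexpected findings as one line each."""
    return [f"{f.vantage:8} {f.host}:{f.port} ({f.zone})"
            for f in unexpected_exposure(findings, policy)]

if __name__ == "__main__":
    print("\n".join(report(SCAN, POLICY)))
```

Port 80 on the DMZ web server is open by design and is not reported; only exposure beyond the policy is listed.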
