TESTING
1) Intrusion Detection
2) Increasing Security
Tools used
Metasploit Framework:
1. It is one of the most commonly used tools for penetration testing.
2. It provides information about security vulnerabilities and is also used to develop and execute exploit code against a machine.
Tools used
Veracode:
1. It determines whether sufficient encryption
Tools used
Wireshark (packet sniffer):
1. Captures and reports any traffic within a network.
2. A great tool for assessing network bog-downs, protocol analysis, suspicious traffic, etc.
Tools used
Cain and Abel:
1. Password recovery tool for Windows.
2. It uses dictionary attacks, brute force and
Tools used
John the Ripper:
1. It is a password cracker that runs on Linux/UNIX, Mac OS X and Windows.
2. It can be run against various encrypted passwords, including several crypt password hash types found on various UNIX platforms.
Tools used
Snort:
1. NIPS and NIDS.
2. It uses signature, protocol and anomaly
Tools used
Kismet:
1. Powerful packet sniffer and intrusion
Tools used
Hping3:
1. It has a built-in traceroute mode.
2. Particularly used when trying to traceroute
Schematic Diagram
Vulnerability Assessment vs. Penetration Testing
Vulnerability Assessment:
1. It detects vulnerabilities of a system and also provides an overview of the flaws that exist in a system.
Penetration testing:
1. It gains unauthorized access to the network or system and identifies possible impacts of system flaws.
1) Planning and Preparation
The prime objective of a penetration test is to
Vulnerability Detection
Weakness of a system or a network can be
2. Automatically:
Penetration Attempt
The most important considerations in a penetration attempt are the time estimation and the target.
2. Machine names (like sourcecode_pc, int_surfing) reduce the time needed as well as help to attack the target.
3. One can also do dumpster diving to penetrate a system or network.
1.
to penetrate a target.
Ex: Password cracking is normal in practice.
Cracking a password involves:
i. Dictionary attack: Uses a word list or dictionary file.
ii. Hybrid crack: Tests for passwords that are variations of words in the dictionary file.
iii. Brute force: Tests all combinations of passwords.
Also, a penetration tool called Brutus is employed in automatic password cracking for telnet and ftp.
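The three cracking approaches listed above, turned around into a password audit a defender can run before a password is accepted (an added example, not part of the original slides; the word list, substitution table and 60-bit threshold are constructed assumptions):

```python
import math
import string

# Constructed sample word list; a real audit would load a much larger file.
WORDLIST = {"password", "welcome", "dragon", "summer", "admin"}
# Common character substitutions (assumed table), undone before the hybrid lookup.
LEET = str.maketrans("013457@$", "oleastas")
EDGE = string.digits + string.punctuation


def in_dictionary(password):
    """Dictionary exposure: the password is a word-list entry, ignoring case."""
    return password.lower() in WORDLIST


def is_hybrid_variant(password):
    """Hybrid exposure: a word-list entry with swapped letters or added digits/symbols."""
    lowered = password.lower()
    stripped = lowered.strip(EDGE)  # drop prefixes/suffixes such as "123!"
    candidates = {lowered.translate(LEET), stripped, stripped.translate(LEET)}
    return any(c in WORDLIST for c in candidates)


def brute_force_bits(password):
    """Brute-force exposure: log2 of the search space for the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(password, min_bits=60):
    """Return the cheapest technique that would find the password, or "ok"."""
    if in_dictionary(password):
        return "dictionary"
    if is_hybrid_variant(password):
        return "hybrid"
    if brute_force_bits(password) < min_bits:  # assumed threshold
        return "brute-force"
    return "ok"


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Password", "P@ssw0rd123!", "5ummer", "qzx7", "vK9#tRm2!qLx"):
        print(f"{pw!r:16} -> {audit(pw)}")
```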
Baiting
Tailgating
Reporting
Overall analysis.
Summary of any successful penetration attempt.
Detailed description of all the vulnerabilities found.
Highlights of high- and low-threat vulnerabilities.
Suggestions to resolve the vulnerabilities found.
Cleaning up
To clean up any mess (unwanted
Limitations
It can cause congestion and system crashes.
It does not provide any information about the
Conclusion
Penetration testing involves a real-world attack on the system.
It is not the best way, as it is not able to find all the vulnerabilities that exist in a system.
It should be performed after careful consideration, notification and planning, since it carries a higher risk factor than vulnerability scanning.
It provides the address of vulnerabilities present in the system, which helps the management to fix them and also helps the management to make decisions.