IS4560 Lab 1

Assessment
Worksheet
Develop an Attack &
Penetration Test Plan
Steven Schmitt (14586746)
Mr. D. Shady
9/19/2014

1. List the 5 steps of the hacking process.

I.

Reconnaissance

IV.

Maintaining Access

II.

Scanning

V.

Covering Tracks

III.

Gaining Access

2. In order to exploit or attack the targeted systems, what can you do as an initial first step to collect as much
information as possible about the targets prior to devising and attack and penetration test plan?

The first step I would take would be from the 5 steps to hacking which is the reconnaissance. I would use
passive reconnaissance as this pertains to information gathering.

3. What applications and tools can be used to perform this initial reconnaissance and probing step?

Google is a major tool in most hackers initial first step. But you can use Nmap , AMAP, ScanRand and
Paratrace.

4. How can social engineering be used to gather information or data about the organizations IT infrastructure?

Social Engineering is one of the number one ways a network is easily infiltrated. They major forms of this
are Phishing, baiting and diversion theft.

5. What does the Enumeration step of the five (5) step hacking process entail and how is it vital to the hackers
objective?

Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system
itself. This is vital to any hackers object since it reveals the information needed to access the target.

6. Explain how an attacker will avoid being detected following a successful penetration attack?

To avoid detection a good hacker will always cover their tracks. This is done by purging any information in
the system that could even minutely show the trace that someone was their. You must be careful when
doing this because sometimes its not whats there that gets the hacker busted but what wasnt.

7. What method does an attacker use to regain access to an already penetrated system?

Any good hacker will always leave some sort of a backdoor into the system. This allows for easy access at
will. This also gives the hacker the ability to sell access to the system if the wish.

8. As a security professional, you have been asked to perform an intrusive penetration test which involves
cracking into the organizations WLAN for a company. While performing this task, you are able to retrieve the
authentication key. Should you use this and continue testing, or stop here and report your findings to the client?

As a security professional I would stop at the first sign of unauthorized entry. Going any further could
result in legal ramifications. That is unless instructed and signed into contract that you should go further.

9. Which NIST standards document encompasses security testing and penetrating testing?

NIST 800-42 Guideline on Network Security Testing.

10. According to this NIST document, what are the four phases of penetration testing?

Planning, Discovery, Attack and Reporting.

11. Why would an organization want to conduct an internal penetration test?

To simulate the actions taken by an internal intruder that has access to the system already.

12. What constitutes a situation in which a penetration tester should not compromise or access a system as part
of a controlled penetration test?

The tester should only compromise or access only the areas outlined in the documented and signed
agreement between both parties. Any further access that that outlined in the contract could result in
criminal or civil proceedings.

13. Why would an organization hire an outside consulting firm to perform an intrusive penetration test without
the IT departments knowledge?

This would be to test the actual response of the Security team. If they know the attack is coming they can
prepare and set things up. If they dont know about the attack it will be easier to gage their response to
the attack in a real situation.

14. How does a web application penetration test differ from a network penetration test?

A web application penetration test differs because it focuses only on the security of the web application
itself. A Network Penetration test checks the security of the network system by analyzing the holes and
flaws within both the hardware and the software.

15. Explain both of the information systems security practitioner and hacker perspectives for performing a
penetration test.

An ISS practitioner or Ethical Hacker is a person who knows the ins and outs of hacking and its dangers but
uses his talent for good. Whereas a hacker preforming a penetration test is doing so for some sort of
personal gain, be that pride, money, or politics.