Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentest Proposal

वेणु गोपाल
December 12, 2009
Technology
0
310

Pentest Proposal

वेणु गोपाल

December 12, 2009
Tweet

More Decks by वेणु गोपाल

See All by वेणु गोपाल
Developing a Graduate Course on Transition to IPv6
vg
0
130
Programmable Logic Controllers
vg
0
34
Cable Sizing
vg
0
68
IT Infrastructure Library
vg
0
59
Red Teams vs Blue Teams
vg
0
83
Darknets
vg
1
180
Pentest
vg
0
200
Beowulf Cluster 1
vg
0
140
Beowulf Cluster 2
vg
0
95

Other Decks in Technology

See All in Technology
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
390
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
180
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
880
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
900
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
110
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
260
EventHub Startup CTO of the year 2024 ピッチ資料
eventhub
0
130
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
630
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
160

Featured

See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Gamification - CAS2011
davidbonilla
80
5k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
What's new in Ruby 2.0
geeforr
343
31k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
130
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Code Reviewing Like a Champion
maltzj
520
39k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
900
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k

Transcript

  1. Penetrating a Network/System: An Offence & Defense Study Proposal Presentation

    for Secure Wired & Wireless Networks Project By Maneesh Venu Gopal

  2. Hacking?  Hacking is the unauthorized break in into computers/networks

    ...  Usually done by a bad guy (a.k.a Black Hat).  Its not magic. It has a methodology.  Many different Techniques (often change over time).  New vulnerabilities are found (therefore new attacks over time).

  3. Penetration Testing?  Testing the security of systems and architectures

    by a white hat from a hacker’s (a.k.a black hats) point of view.  A “simulated attack” with a predetermined goal.  Telling too many people may invalidate the test.

  4. Procedure  Same methodology  Same tools can be used

     Ping, Tracert, Whois, Nslookup, Dig, many more …  External/Internal  External view (hacker)  Internal view (disgruntled employee)

  5. Methodology  Reconnaissance  Enumeration  Fingerprinting  Identification of

    Vulnerabilities  Attack  Exploit the Vulnerabilities  Wipe off Traces  Get out

  6. Access Points to Your Network  Internet gateways  Modems

     Wireless networks  Physical entry  Social engineering

  7. Security Devices/Personnel  Firewalls  DMZ  Intrusion Detection Systems

     Intrusion Prevention Systems  Anti Malware Apps  Administrators (who are monitoring)  Routers  Subnets  Access Control Lists

  8. Limitations  Not an alternative to other IT security measures.

     It complements other tests.  Does not substitute other security measures.  Not a guarantee of security.  It’s only valid for the period tested.

  9. Lessons Learned / Benefits  Illustrates how a combination of

    factors can lead to a security breach.  Know the tools  COTS  Shareware/Freeware  Gets management’s attention.  Great educational opportunity for audit staff.

  10. References  Barnett, R. J. and Irwin, B. 2008. Towards

    a taxonomy of network scanning techniques. In Proceedings of the 2008 Annual Research Conference of the South African institute of Computer Scientists and information Technologists on IT Research in Developing Countries: Riding the Wave of Technology (Wilderness, South Africa, October 06 - 08, 2008). SAICSIT '08, vol. 338. ACM, New York, NY, 1-7.  Teo, L. 2000. Port Scans and Ping Sweeps Explained. Linux J. 2000, 80es (Nov. 2000), 2.

  11. Thank You!

  12. Questions?