Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentest Proposal

वेणु गोपाल
December 12, 2009
Technology
0
310

Pentest Proposal

वेणु गोपाल

December 12, 2009
Tweet

More Decks by वेणु गोपाल

See All by वेणु गोपाल
Developing a Graduate Course on Transition to IPv6
vg
0
120
Programmable Logic Controllers
vg
0
34
Cable Sizing
vg
0
66
IT Infrastructure Library
vg
0
59
Red Teams vs Blue Teams
vg
0
82
Darknets
vg
1
170
Pentest
vg
0
200
Beowulf Cluster 1
vg
0
130
Beowulf Cluster 2
vg
0
94

Other Decks in Technology

See All in Technology
Product Engineer Night #6プロダクトエンジニアを育む仕組み・施策
hacomono
PRO
1
470
Datachain会社紹介資料(2024年11月) / Company Deck
datachain
3
16k
「視座」の上げ方が成人発達理論にわかりやすくまとまってた / think_ perspective_hidden_dimensions
shuzon
2
4.8k
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
6
1.1k
チームを主語にしてみる / Making "Team" the Subject
ar_tama
4
310
GitHub Universe: Evaluating RAG apps in GitHub Actions
pamelafox
0
180
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
5
49k
物価高なラスベガスでの過ごし方
zakky
0
380
新卒1年目が向き合う生成AI事業の開発を加速させる技術選定 / ai-web-launcher
cyberagentdevelopers
PRO
7
1.5k
急成長中のWINTICKETにおける品質と開発スピードと向き合ったQA戦略と今後の展望 / winticket-autify
cyberagentdevelopers
PRO
1
160
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.6k
ユーザーの購買行動モデリングとその分析 / dsc-purchase-analysis
cyberagentdevelopers
PRO
2
100

Featured

See All Featured
Building a Scalable Design System with Sketch
lauravandoore
459
33k
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Become a Pro
speakerdeck
PRO
24
5k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
228
52k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Facilitating Awesome Meetings
lara
49
6k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
43
6.6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
A Tale of Four Properties
chriscoyier
156
23k

Transcript

  1. Penetrating a Network/System: An Offence & Defense Study Proposal Presentation

    for Secure Wired & Wireless Networks Project By Maneesh Venu Gopal

  2. Hacking?  Hacking is the unauthorized break in into computers/networks

    ...  Usually done by a bad guy (a.k.a Black Hat).  Its not magic. It has a methodology.  Many different Techniques (often change over time).  New vulnerabilities are found (therefore new attacks over time).

  3. Penetration Testing?  Testing the security of systems and architectures

    by a white hat from a hacker’s (a.k.a black hats) point of view.  A “simulated attack” with a predetermined goal.  Telling too many people may invalidate the test.

  4. Procedure  Same methodology  Same tools can be used

     Ping, Tracert, Whois, Nslookup, Dig, many more …  External/Internal  External view (hacker)  Internal view (disgruntled employee)

  5. Methodology  Reconnaissance  Enumeration  Fingerprinting  Identification of

    Vulnerabilities  Attack  Exploit the Vulnerabilities  Wipe off Traces  Get out

  6. Access Points to Your Network  Internet gateways  Modems

     Wireless networks  Physical entry  Social engineering

  7. Security Devices/Personnel  Firewalls  DMZ  Intrusion Detection Systems

     Intrusion Prevention Systems  Anti Malware Apps  Administrators (who are monitoring)  Routers  Subnets  Access Control Lists

  8. Limitations  Not an alternative to other IT security measures.

     It complements other tests.  Does not substitute other security measures.  Not a guarantee of security.  It’s only valid for the period tested.

  9. Lessons Learned / Benefits  Illustrates how a combination of

    factors can lead to a security breach.  Know the tools  COTS  Shareware/Freeware  Gets management’s attention.  Great educational opportunity for audit staff.

  10. References  Barnett, R. J. and Irwin, B. 2008. Towards

    a taxonomy of network scanning techniques. In Proceedings of the 2008 Annual Research Conference of the South African institute of Computer Scientists and information Technologists on IT Research in Developing Countries: Riding the Wave of Technology (Wilderness, South Africa, October 06 - 08, 2008). SAICSIT '08, vol. 338. ACM, New York, NY, 1-7.  Teo, L. 2000. Port Scans and Ping Sweeps Explained. Linux J. 2000, 80es (Nov. 2000), 2.

  11. Thank You!

  12. Questions?