In this video, Marc Menninger describes four techniques useful for identifying and analyzing testing targets. Learn the baseline skillsets for each of these techniques that will enable you to successfully identify and analyze targets.
- Identifying and analyzing targets is the process of determining which devices and systems are available to test, and subsequently, conducting basic vulnerability analysis on them. Information gathered from the previous stage, such as asset inventories and network diagrams, will be used in this stage. The results found in this stage will be used to conduct more thorough testing in the next stage. In this chapter, I'll cover four techniques useful for identifying and analyzing targets.
These techniques are conducting network discovery, identifying network ports and services, scanning for vulnerabilities, and scanning wireless networks. Here are some basic skill sets for each of these techniques. For conducting network discovery, an assessor will need to have a solid understanding of TCP/IP networks and how they work. For example, the assessor must know the purposes and functions of network devices like routers, hubs, and switches, as well as how IP addressing and subnetting works.
He will also need to know how to use network scanners and other methods for finding devices on the network. Identifying network ports and services also requires know of TCP/IP networking, as well as how ports and services work on various operating systems. Recognizing common ports and services will be helpful. The assessor should also be able to use port and service scanning tools and know how to interpret the results.
TCP/IP knowledge is also important when scanning for vulnerabilities. A good understanding of ports, protocols, services, system misconfigurations, other sources of vulnerabilities is necessary. The assessor should also be able to use vulnerability scanning tools, such as OpenVAS, and know how to interpret the results. For example, ranking system vulnerabilities by severity, determining which hosts have the most severe vulnerabilities and identifying which vulnerabilities can easily be remediated.
Assessors scanning wireless networks need to have a good understanding of Wi-Fi technologies and protocols, such as the 802.11 family of specifications, wireless access points, and Wi-Fi protected access, or WPA. They should also be able to use wireless scanning tools and know how to interpret the results. With these skill sets, one should be able to successfully identify and analyze targets.
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.