video

Jul 13, 2011

Vulnerability Mapping

Vulnerability Mapping is a process of identifying and analyzing the critical security
flaws in the target environment. This terminology is also sometimes known as
vulnerability assessment. It is one of the key areas of the vulnerability management
program through which the security controls of an IT infrastructure can be analyzed
against known and unknown vulnerabilities. Once the operations of information
gathering, discovery, and enumeration have been completed, it is time to investigate
the vulnerabilities that may exist in the target infrastructure which could lead
to a compromise of the target and violation of the confidentiality, integrity, and
availability of a business system.
In this chapter, we will be discussing two common types of vulnerabilities,
presenting various standards for the classification of vulnerabilities, and explaining
some of the well-known vulnerability assessment tools provided under the
BackTrack operating system. The overall discussion of this chapter constitutes:

- The concept of two generic types of vulnerabilities: local and remote.
- The vulnerability taxonomy pointing to industry standards that can be used
to classify any vulnerability according to its unifying commonality pattern.
- A number of security tools that can assist in finding and analyzing the
security vulnerabilities present in a target environment. The tools presented
are categorized according to their basic function in a security assessment
process. These include OpenVAS, Cisco, Fuzzing, SMB, SNMP, and web
application analysis tools.

Target Scoping

Target Scoping is defined as an empirical process for gathering target assessment
requirements and characterizing each of its parameters to generate a test plan,
limitations, business objectives, and time schedule. This process plays an important
role in defining clear objectives towards any kind of security assessment. By
determining these key objectives one can easily draw a practical roadmap of what
will be tested, how it should be tested, what resources will be allocated, what
limitations will be applied, what business objectives will be achieved, and how the
test project will be planned and scheduled. Thus, we have combined all of these
elements and presented them in a formalized scope process to achieve the required
goal. Following are the key concepts which will be discussed in this chapter:

- Gathering client requirements deals with accumulating information about
the target environment through verbal or written communication.
- Preparing the test plan depends on different sets of variables. These may
include shaping the actual requirements into a structured testing process, legal
agreements, cost analysis, and resource allocation.
- Profiling test boundaries determines the limitations associated with the
penetration testing assignment. These can be a limitation of technology,
knowledge, or a formal restriction on the client's IT environment.
- Defining business objectives is a process of aligning the business view with the
technical objectives of the penetration testing program.
- Project management and scheduling directs every other step of the
penetration testing process with a proper timeline for test execution. This
can be achieved by using a number of advanced project management tools.

It is highly recommended to follow the scope process in order to ensure test
consistency and a greater probability of success. Additionally, this process can also
be adjusted according to the given situation and test factors. Without using any
such process, there will be a greater chance of failure, as the requirements gathered
will have no proper definitions and procedures to follow. This can lead the whole
penetration testing project into danger and may result in unexpected business
interruption. Paying special attention at this stage to the penetration testing process
would make an excellent contribution towards the rest of the test phases and clear
the perspectives of both technical and management areas. The key is to acquire as
much information beforehand as possible from the client to formulate a strategic
path that reflects multiple aspects of penetration testing. These may include
negotiable legal terms, contractual agreement, resource allocation, test limitations,
core competencies, infrastructure information, timescales, and rules of engagement.
As a part of best practices, the scope process addresses each of the attributes
necessary to kickstart our penetration testing project in a professional manner.
As we can see in the preceding screenshot, each step constitutes unique information
that is aligned in a logical order to pursue the test execution successfully. Remember,
the more information that is gathered and managed properly, the easier it will be for
both the client and the penetration testing consultant to further understand the process
of testing. This also governs any legal matters to be resolved at an early stage. Hence,
we will explain each of these steps in more detail in the following section.
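The test boundaries and rules of engagement gathered during scoping are only useful if they are actually enforced while the assessment runs. The following is an added example, not code from the book or from BackTrack, of a small "scope guard" that checks a proposed test action against a written scope: authorized address ranges, explicit carve-outs, the agreed daily test window, and the activities the rules of engagement permit. All networks, hosts, times and activity names in it are constructed sample values, not any real client's.

```python
"""Scope guard: decide whether a proposed test action stays within the agreed scope.

Added illustration (not from the book). The ranges, exclusions, window and
activity names below are constructed sample values for this example only.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class Scope:
    in_scope: list           # CIDR strings the client has authorized for testing
    excluded: list           # hosts/CIDRs explicitly carved out of the test
    window_start: time       # start of the agreed daily test window
    window_end: time         # end of the agreed daily test window
    allowed_activities: set  # activity names the rules of engagement permit


@dataclass
class Decision:
    allowed: bool
    reason: str


def check_target(scope: Scope, host: str, activity: str, when: datetime) -> Decision:
    """Return whether testing `host` with `activity` at `when` is within scope.

    Exclusions are checked before inclusions, so a carve-out inside an
    authorized range always wins. A test window that wraps past midnight
    (for example 22:00 to 06:00) is handled explicitly.
    """
    addr = ip_address(host)
    if any(addr in ip_network(net) for net in scope.excluded):
        return Decision(False, f"{host} is explicitly excluded")
    if not any(addr in ip_network(net) for net in scope.in_scope):
        return Decision(False, f"{host} is outside the authorized ranges")
    if activity not in scope.allowed_activities:
        return Decision(False, f"activity '{activity}' is not permitted by the rules of engagement")
    t = when.time()
    if scope.window_start <= scope.window_end:
        in_window = scope.window_start <= t <= scope.window_end
    else:  # window crosses midnight
        in_window = t >= scope.window_start or t <= scope.window_end
    if not in_window:
        return Decision(False, f"{when:%H:%M} is outside the agreed test window")
    return Decision(True, "within scope")


# Constructed sample scope (hypothetical values, not a real engagement).
SAMPLE_SCOPE = Scope(
    in_scope=["10.20.0.0/16", "192.0.2.0/24"],
    excluded=["10.20.5.0/24", "192.0.2.10/32"],
    window_start=time(22, 0),
    window_end=time(6, 0),
    allowed_activities={"port-scan", "vulnerability-scan"},
)

# Constructed proposed actions: (host, activity, time of the request).
SAMPLE_ACTIONS = [
    ("10.20.1.7", "port-scan", datetime(2011, 7, 13, 23, 30)),          # in range, in window
    ("10.20.5.9", "port-scan", datetime(2011, 7, 13, 23, 30)),          # carved-out subnet
    ("192.0.2.10", "vulnerability-scan", datetime(2011, 7, 13, 2, 0)),  # carved-out host
    ("192.0.2.20", "exploitation", datetime(2011, 7, 13, 2, 0)),        # activity not agreed
    ("192.0.2.20", "port-scan", datetime(2011, 7, 13, 14, 0)),          # outside the window
    ("192.0.2.20", "vulnerability-scan", datetime(2011, 7, 13, 2, 0)),  # fully within scope
]


def evaluate_sample() -> list:
    """Run every constructed action through the guard; returns the allowed flags in order."""
    return [check_target(SAMPLE_SCOPE, h, a, w).allowed for h, a, w in SAMPLE_ACTIONS]


if __name__ == "__main__":
    for host, act, when in SAMPLE_ACTIONS:
        d = check_target(SAMPLE_SCOPE, host, act, when)
        verdict = "ALLOW" if d.allowed else "DENY "
        print(f"{host:12} {act:18} {when:%H:%M} -> {verdict} ({d.reason})")
```

Checking exclusions before inclusions is the important design choice: a carve-out such as a production database host listed inside an otherwise authorized range must always deny, regardless of the order in which the client wrote the two lists.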

BackTrack testing methodology

BackTrack is a versatile operating system that comes with a number of security
assessment and penetration testing tools. Using and practicing these tools without
a proper methodology can lead to unsuccessful testing and may produce unsatisfactory
results. Thus, formalizing the security testing with a structured methodology is
extremely important from a technical and managerial perspective.
The BackTrack testing methodology we have presented in this section will constitute
both the black-box and white-box approaches. Either of these approaches can be
adjusted according to the given target of assessment. The methodology is composed
of a number of steps that should be followed in a process at the initial, medial, and
final stages of testing in order to accomplish a successful assessment. These include
Target Scoping, Information Gathering, Target Discovery, Enumerating Target,
Vulnerability Mapping, Social Engineering, Target Exploitation, Privilege Escalation,
Maintaining Access, and Documentation and Reporting.
Whether applying any combination of these steps with black-box or white-box
approaches, it is all left up to the penetration tester to decide and choose the most
strategic path according to the given target environment and its prior knowledge
before the test begins. We will explain each stage of testing with a brief description,
its definition, and its possible applications.
The illustration for the BackTrack testing process is also given below.

Target scoping

Before starting the technical security assessment, it is important to observe and
understand the given scope of the target network environment. It is also necessary to
know that the scope can be defined for a single entity or a set of entities that are given to the
auditor. What has to be tested, how it should be tested, what conditions should be applied
during the test process, what will limit the execution of the test process, how long it will take
to complete the test, and what business objectives will be achieved, are all the possible
outlines that should be decided under target scoping. To lead a successful penetration
test, an auditor must be aware of the technology under assessment, its basic
functionality, and its interaction with the network environment. Thus, the knowledge of an
auditor does make a significant contribution towards any kind of security assessment.
Information gathering

Once the scope has been finalized, it is time to move into the reconnaissance phase.
During this phase, a pentester uses a number of publicly available resources to
learn more about his target. This information can be retrieved from Internet sources
such as forums, bulletin boards, newsgroups, articles, blogs, social networks, and
other commercial or non-commercial websites. Additionally, the data can also
be gathered through various search engines such as Google, Yahoo!, MSN Bing,
Baidu, and others. Moreover, an auditor can use the tools provided in BackTrack
to extract network information about a target. These tools perform valuable data
mining techniques for collecting information through DNS servers, trace routes,
the Whois database, e-mail addresses, phone numbers, personal information, and user
accounts. The more information that is gathered, the greater the chances of a
successful penetration test.