IT applied to business
02/11/2005
[Figure: Methodology Diagram]
1. Planning the Test
The first stage sets the objectives of the penetration test and attackers’ profiles for the tests, ranging from what potential havoc an authorized user can effect on your network through to the most nefarious business-injuring destruction that a professional hacker can cause. From there, there must be agreement on the scope of the penetration test, including internal and external servers, components of the security architecture, remote-access devices, and shared workstations. Finally, it is important to define success criteria, both positive and negative, so that your organization can measure our results against predetermined criteria, for both external and internal attacks.
Planning guide:
• Get the Internet link to do the test
• Get the required tools
• Define the internal and external tests
• Prepare the letter of good
Work Hours: 1 day (8h)
2. Information Gathering
The SLB team gathers technical details about the target hosts, including identification of network access points, network mapping and OS fingerprinting, and gathers publicly available information on the owner of the network or application in question, in order to plan a comprehensive attack.
Goal:
The point of this exercise is to find the number of reachable systems to be tested without exceeding the legal limits of what you may test. Therefore the network survey is just one way to begin a test; another way is to be given the IP range to test. In this module, no intrusion is being performed directly on the systems except in places considered a quasi-public domain.
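A scope check for the survey described above, as an added example that is not part of the original methodology document: it sorts the candidate addresses produced by information gathering into those the agreed IP range authorizes and those that must not be touched. The address ranges (RFC 5737 documentation blocks), the exclusion list and the function name `classify_targets` are constructed assumptions.

```python
import ipaddress

# Constructed scope for illustration (RFC 5737 documentation ranges).
AUTHORIZED = ["192.0.2.0/24", "198.51.100.16/28"]
EXCLUDED = ["192.0.2.200/29"]  # e.g. systems the network owner withheld from testing

# Constructed survey output: candidate addresses found during information gathering.
CANDIDATES = ["192.0.2.10", "192.0.2.203", "198.51.100.20",
              "198.51.100.40", "203.0.113.5", "not-an-ip", "192.0.2.10"]


def _networks(cidrs):
    # strict=True rejects entries such as 192.0.2.1/24 whose host bits are set,
    # which usually signals a typo in the scope agreement.
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def classify_targets(candidates, authorized, excluded=()):
    """Split candidates into in_scope / excluded / out_of_scope / invalid."""
    allow, deny = _networks(authorized), _networks(excluded)
    result = {"in_scope": [], "excluded": [], "out_of_scope": [], "invalid": []}
    seen = set()
    for raw in candidates:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            result["invalid"].append(raw)  # keep for manual review, never test
            continue
        if addr in seen:  # the same host reported by two survey sources
            continue
        seen.add(addr)
        # Exclusions win over the authorized range.
        if any(addr in net for net in deny):
            result["excluded"].append(str(addr))
        elif any(addr in net for net in allow):
            result["in_scope"].append(str(addr))
        else:
            result["out_of_scope"].append(str(addr))
    return result


if __name__ == "__main__":
    report = classify_targets(CANDIDATES, AUTHORIZED, EXCLUDED)
    for bucket, hosts in report.items():
        print(f"{bucket:13} {len(hosts):2}  {', '.join(hosts)}")
```

Only the `in_scope` bucket feeds the later modules; anything in `out_of_scope` or `invalid` goes back to the network owner for confirmation before it is tested.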
3. System Service Identification
Port scanning is the invasive probing of system ports on the transport and network level. Included here is also the validation of system reception to tunneled, encapsulated, or routing protocols. This module is to enumerate live or accessible Internet services