Penetration testing or pen-testing is the most aggressive form of cybersecurity review. This is considered offensive security as opposed to more traditional defensive cybersecurity strategies. A Certified Penetration Tester (CPT) or Certified Ethical Hacker (CEH) is employed by a business to attack a network and the attached computers, servers and devices as a cyber-criminal or cyber attacker would. This involves using special computer systems running pen-testing operating systems such as Backtrack or Kali Linux. In the hands of a skilled practitioner, a pen-test may be able to uncover vulnerabilities or points of access that a vulnerability scanner may be unable to detect.
A penetration test is a multi-step process that includes:
- Reconnaissance of the target using public records, Internet searches, and tactics such as dumpster-diving, deceptive phone calls to staff, and targeted spear-phishing emails.
- Scanning the network and devices to develop an inventory of devices, IP addresses, and operating systems to find potential targets on the network.
- Gaining access to the network and network resources using the vulnerabilities found in the earlier step and using privilege escalation strategies to acquire administrative rights to targeted systems.
- Maintaining access while remaining undetected and acquiring targeted resources and/or information.
- Covering tracks or removing exploits and disengaging from the target.
Types of attacks that may be used against a system are:
- Operating system attacks against known and newly uncovered vulnerabilities on popular operating systems such as Microsoft Windows, Apple OSx and various Linux and Unix operating systems.
- Application-level attacks against vulnerable applications such as Java or Adobe Flash Player or other commercial, line of business, or web server applications.
- Misconfiguration attacks against systems such as routers, firewalls, wireless access points and other devices where known default user credentials may still be part of the configuration, or other misconfigured system settings that would permit access.
Finally we complete a report where we explain what was done, and what was discovered. The report will also offer suggestions for remediation, so this vulnerabilities can be removed or mitigated.