
Conducting a regular penetration test is a helpful way to identify serious vulnerabilities within your IT environment. A trusted ethical hacker performs the penetration test using a methodical and thorough approach.

 
 

There are 6 critical phases to it. Let's understand those.

1. Pre-Engagement Interactions.
In this phase, the company or white-hat hacker who will carry out the test will explain the logistics of the test, the expectations, the legal implications, and the test objectives you as a client would like to achieve. You, in turn, will explain to them all the risks associated with the test they will carry out, your organisational culture, and the existing pentesting strategy (if you have one). They will make a contract with you and develop the right plan in collaboration with you.
 
2. Reconnaissance or Open Source Intelligence (OSINT) gathering.
Now it has begun...
A pentester will start gathering as much intelligence as possible on your organisation and find the 'potential targets' against which to carry out the attacks.
For example, he may use search-engine queries, DNS/WHOIS lookups, social engineering, tax records, internet footprints (email addresses, user names, passwords, social networks, etc.), internal footprints (ping sweeps, port scanning, reverse DNS, packet sniffing, etc.), tailgating, dumpster diving, and so on.
 
3. Threat Modeling and Vulnerability Identification
Once the pentester identifies the legitimate targets, he will map out a detailed attack strategy. For instance, he will identify the critical business assets (e.g., employee data, customer data, other technical data) and plan how to steal or access them.
He will also identify other threats. These threats may emanate from inside the organisation (management, employees, associated vendors, suppliers, etc.). He will identify external threats as well, for example, ports, network protocols, web applications, network traffic, etc.
He will discover all the vulnerabilities and make an inventory of them. Then he will validate whether each vulnerability is exploitable or not.
 
4. Exploitation
With a map of all possible vulnerabilities and entry points in hand, the pentester will begin to test the exploits found within your network, applications, and data. He will want to see how far he can get into your environment and identify high-value targets without getting detected.
But he will not go beyond the scope decided in stage one.
Usually, he will use web-application attacks, network attacks, memory-based attacks, Wi-Fi attacks, zero-day attacks, physical attacks, social engineering, etc.
 
5. Post-Exploitation, Risk Analysis and Recommendations.
In this stage, the pentester will document all the methods he used in the last stage. He will also try to determine the value of the data captured.
A good pentester will show you the recommendations for fixing the security holes and vulnerabilities.
Once the recommendations have been shared, he will clean up the environment, reconfigure any access he obtained to penetrate your environment, and remove all the artifacts (e.g., executable files, scripts, temporary files, user accounts created, etc.). He will also reconfigure the settings of computers or devices back to the original parameters that were in place prior to the pentest.
He will also prevent future unauthorized access into the system by whatever means necessary.
 
6. Reporting
This is perhaps the most critical aspect. It is where you will get a comprehensive report about all the vulnerabilities found and how they were found, the attack methods decided on and carried out, and the value of the data accessed or stolen.
The penetration test report may also give you an overall security risk score.
The recommendations will be the nuggets of gold for your organisation. Your next penetration test can be an eye-opening exercise to improve your overall security posture.
 
 
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on the website and social media platforms.

34,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts there.

If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:

Click Here to follow her: Cybersecurity PRISM