Penetration Testing - CompTIA Security+ SY0-701 - 4.3
What is Penetration Testing?
Overview of Penetration Testing
- Penetration testing, or pen testing, simulates an attack on systems to identify vulnerabilities. It differs from vulnerability scanning in that the tester actually exploits the vulnerabilities found to gain access, rather than only reporting that they exist.
- Regular penetration testing can be a security best practice and may be mandated by certain industries. The National Institute of Standards and Technology (NIST) provides guidelines in SP 800-115, the "Technical Guide to Information Security Testing and Assessment."
Rules of Engagement
- Before conducting a penetration test, it's crucial to establish rules of engagement that outline the scope and purpose of the testing.
- These rules define when tests are permissible, types of tests (e.g., physical breaches, internal/external tests), and specific hours for conducting tests.
- Detailed specifications regarding which systems can be tested are included, along with emergency contacts for any questions during the process.
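The scope, permitted hours and system list described above are only useful if every proposed action is checked against them before it runs. The following is an added example (not code from the course or from CompTIA) showing one way to encode a rules-of-engagement document and gate each test action on it. The engagement values (network ranges, the overnight window, the excluded host and the contact address) are constructed for illustration, and the check handles the edge case of a testing window that crosses midnight.

```python
"""Rules-of-engagement scope check (added example, not from the course notes).

Assumes a hypothetical engagement definition: permitted target networks as
CIDR blocks, an excluded-host list, a testing window in local time, and the
set of test types the client authorised. All values below are constructed.
"""
from __future__ import annotations

import ipaddress
from datetime import datetime, time

# Constructed rules of engagement for a hypothetical engagement.
RULES = {
    "in_scope_networks": ["10.20.0.0/16", "192.0.2.0/24"],
    "excluded_hosts": ["10.20.5.10"],        # e.g. a production database
    "window_start": time(22, 0),             # testing allowed from 22:00 ...
    "window_end": time(6, 0),                # ... until 06:00 next morning
    "authorised_tests": {"external", "internal"},
    "emergency_contact": "soc-oncall@example.invalid",  # placeholder value
}


def in_window(now: time, start: time, end: time) -> bool:
    """True if `now` lies inside the window; handles windows crossing midnight."""
    if start <= end:
        return start <= now <= end
    # Overnight window, e.g. 22:00 -> 06:00: valid late evening OR early morning.
    return now >= start or now <= end


def target_in_scope(host: str, rules: dict) -> bool:
    """True if `host` is in an agreed network and not explicitly excluded."""
    addr = ipaddress.ip_address(host)
    if any(addr == ipaddress.ip_address(x) for x in rules["excluded_hosts"]):
        return False
    return any(addr in ipaddress.ip_network(n) for n in rules["in_scope_networks"])


def check_action(host: str, test_type: str, now: datetime, rules: dict) -> tuple[bool, str]:
    """Return (allowed, reason) for a proposed test action against `host`."""
    if test_type not in rules["authorised_tests"]:
        return False, (f"test type {test_type!r} not authorised; "
                       f"contact {rules['emergency_contact']}")
    if not target_in_scope(host, rules):
        return False, f"{host} is outside the agreed scope"
    if not in_window(now.time(), rules["window_start"], rules["window_end"]):
        return False, f"outside the testing window at {now:%H:%M}"
    return True, "permitted"


if __name__ == "__main__":
    proposed = [
        ("10.20.1.7", "internal", datetime(2024, 1, 10, 23, 30)),   # allowed
        ("10.20.5.10", "internal", datetime(2024, 1, 10, 23, 30)),  # excluded host
        ("203.0.113.5", "external", datetime(2024, 1, 10, 23, 30)), # out of scope
        ("10.20.1.7", "internal", datetime(2024, 1, 10, 14, 0)),    # wrong hours
        ("10.20.1.7", "physical", datetime(2024, 1, 10, 23, 30)),   # not authorised
    ]
    for host, kind, when in proposed:
        allowed, reason = check_action(host, kind, when, RULES)
        print(f"{host:<12} {kind:<9} {when:%H:%M} -> {'OK ' if allowed else 'NO '} {reason}")
```

The check is deliberately ordered so that an unauthorised test type is refused before anything about the target is examined; the refusal message carries the emergency contact so the tester knows whom to ask rather than guessing.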
Conducting the Test
- The objective is to exploit known vulnerabilities without causing critical system failures; the documentation agreed in the rules of engagement helps prevent disruptions.
- Various methods such as buffer overflows, password brute force attacks, social engineering, and database injections may be employed during testing.
Gaining Access
- Successfully gaining access is just the beginning; testers aim to use this access as a foothold for lateral movement within the network.
- After initial access, testers may create backdoors or modify existing accounts to ensure continued access even if vulnerabilities are patched.
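Because the persistence step above typically leaves traces in authentication logs (new local accounts, accounts added to privileged groups, password changes on sensitive accounts, and a first login by an account that did not exist before), a defender can test for it directly. The following is an added example, not part of the course material, that runs simple detection logic over a few constructed Linux auth-log lines. The hostnames, usernames, addresses and timestamps are invented; the message formats follow the shape of `useradd`, `usermod`, `passwd` and `sshd` log lines.

```python
"""Detect account creation/modification used for persistence (added example).

Runs over constructed auth-log lines and raises findings for: a new local
account, membership added to a privileged group, a password change on a
sensitive account, and a login by an account created earlier in the same log.
"""
import re
from dataclasses import dataclass

# Constructed sample log (not real data). Lines 2-5 describe a new account
# being created, made an administrator, used for SSH, then root's password changed.
SAMPLE_LOG = [
    "Jan 10 08:15:00 web01 sshd[1800]: Accepted password for alice from 10.20.3.9 port 50000 ssh2",
    "Jan 10 23:41:02 web01 useradd[2211]: new user: name=svc-backup, UID=1003, GID=1003, home=/home/svc-backup, shell=/bin/bash",
    "Jan 10 23:41:30 web01 usermod[2230]: add 'svc-backup' to group 'sudo'",
    "Jan 10 23:42:10 web01 sshd[2300]: Accepted publickey for svc-backup from 10.20.3.4 port 51234 ssh2",
    "Jan 10 23:45:00 web01 passwd[2400]: pam_unix(passwd:chauthtok): password changed for root",
]

PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "root"}
SENSITIVE_ACCOUNTS = {"root"}

PATTERNS = {
    "account_created": re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)"),
    "group_added": re.compile(r"usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?P<group>[^']+)'"),
    "password_changed": re.compile(
        r"passwd\[\d+\]: pam_unix\(passwd:chauthtok\): password changed for (?P<user>\S+)"),
    "login": re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"),
}


@dataclass
class Finding:
    line_no: int
    user: str
    severity: str
    reason: str


def analyse(lines):
    """Return a list of Findings for suspicious account activity in `lines`."""
    findings = []
    new_accounts = set()  # accounts created earlier in this log, for correlation
    for no, line in enumerate(lines, 1):
        m = PATTERNS["account_created"].search(line)
        if m:
            new_accounts.add(m["user"])
            findings.append(Finding(no, m["user"], "medium", "local account created"))
            continue
        m = PATTERNS["group_added"].search(line)
        if m:
            sev = "high" if m["group"] in PRIVILEGED_GROUPS else "low"
            findings.append(Finding(no, m["user"], sev, f"added to group {m['group']}"))
            continue
        m = PATTERNS["password_changed"].search(line)
        if m:
            sev = "high" if m["user"] in SENSITIVE_ACCOUNTS else "medium"
            findings.append(Finding(no, m["user"], sev, "password changed"))
            continue
        m = PATTERNS["login"].search(line)
        if m and m["user"] in new_accounts:
            # A login by an account that did not exist at the start of the log
            # is the strongest signal that the new account is actually in use.
            findings.append(Finding(no, m["user"], "high",
                                    f"login by newly created account from {m['src']}"))
    return findings


def high_severity(findings):
    """Convenience filter used for alerting."""
    return [f for f in findings if f.severity == "high"]


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.severity}] {f.user}: {f.reason}")
```

Correlating the login against accounts created earlier in the same log is what separates this from a plain keyword match: alice's morning login on line 1 produces nothing, while the same `Accepted` message for `svc-backup` is flagged because the account was created a minute earlier.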
Understanding Vulnerabilities and Patching
Exploiting Vulnerabilities
- Once inside a network, attackers often use the first compromised system as a relay or proxy (a pivot) to reach other systems within that network.
CVEs and Bug Bounties
- New vulnerabilities are published continuously on the Common Vulnerabilities and Exposures (CVE) list. Once researchers identify a vulnerability, the patching process can take weeks or months.