Penetration Testing and Network Defense
By Andrew Whitaker, Daniel P. Newman
Publisher: Cisco Press
Pub Date: November 04, 2005
ISBN: 1-58705-208-3
Pages: 624
Table of Contents | Index
The practical guide to assessing network vulnerabilities and managing security risk.
Assess your network's defensive strengths and eliminate vulnerabilities with proven internal testing methodologies
Learn how to perform simulated attacks on live networks
Detect network attacks using the Cisco Intrusion Detection Sensor and Security Agent
A complete real-world case study shows a step-by-step process for conducting your own penetration tests
Security threats are on the rise, and companies must be prepared to face them. One way companies are assessing security risk and the vulnerability of their networks is by hiring security firms to attempt to penetrate their networks or by developing in-house penetration testing skills to continually monitor network vulnerabilities.
Penetration testing is a growing field, yet there is no definite resource on how to perform a penetration test and the ethics of testing. Penetration Testing and Cisco Network Defense offers detailed steps on how to emulate an outside attacker to assess the security of a network. Unlike other books on hacking, this book is specifically geared toward penetration testing. Divided into two parts, this book provides a set of guidelines and methodologies for understanding and performing internal penetration tests. It also shows how an attack can be detected on a network. Part one covers understanding penetration testing, assessing risks, and creating a testing plan. Part two focuses on the particulars of testing, and each chapter includes three essential components: the steps to perform a simulated attack using popular commercial and open-source applications; how to detect the attack with Cisco Intrusion Detection Sensor and Security Agent; suggestions on how to harden a system against attacks.
Table of Contents
Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Foreword
Introduction
  Who Should Read this Book
  Ethical Considerations
  How This Book Is Organized
Part I: Overview of Penetration Testing
  Chapter 1. Understanding Penetration Testing
    Defining Penetration Testing
    Assessing the Need for Penetration Testing
    Attack Stages
    Choosing a Penetration Testing Vendor
    Preparing for the Test
    Summary
  Chapter 2. Legal and Ethical Considerations
    Ethics of Penetration Testing
    Laws
    Logging
    To Fix or Not to Fix
    Summary
  Chapter 3. Creating a Test Plan
    Step-by-Step Plan
    Open-Source Security Testing Methodology Manual
    Documentation
    Summary
Part II: Performing the Test
  Chapter 4. Performing Social Engineering
    Human Psychology
    What It Takes to Be a Social Engineer
    First Impressions and the Social Engineer
    Tech Support Impersonation
    Third-Party Impersonation
    E-Mail Impersonation
    End User Impersonation
    Customer Impersonation
    Reverse Social Engineering
    Protecting Against Social Engineering
    Case Study
    Summary
  Chapter 5. Performing Host Reconnaissance
    Passive Host Reconnaissance
    Active Host Reconnaissance
    Port Scanning
    NMap
    Detecting a Scan
    Case Study
    Summary
  Chapter 6. Understanding and Attempting Session Hijacking
    Defining Session Hijacking
    Tools
    Beware of ACK Storms
    Kevin Mitnick's Session Hijack Attack
    Detecting Session Hijacking
    Protecting Against Session Hijacking
    Case Study
    Summary
    Resources
  Chapter 7. Performing Web Server Attacks
    Understanding Web Languages
    Website Architecture
    E-Commerce Architecture
    Web Page Spoofing
    Cookie Guessing
    Brute Force Attacks
    Tools
    Detecting Web Attacks
    Protecting Against Web Attacks
    Case Study
    Summary
  Chapter 8. Performing Database Attacks
    Defining Databases
    Testing Database Vulnerabilities
    Securing Your SQL Server
    Detecting Database Attacks
    Protecting Against Database Attacks
    Case Study
    Summary
    References and Further Reading
  Chapter 9. Password Cracking
    Password Hashing
    Password-Cracking Tools
    Detecting Password Cracking
    Protecting Against Password Cracking
    Case Study
    Summary
  Chapter 10. Attacking the Network
    Bypassing Firewalls
    Evading Intruder Detection Systems
    Testing Routers for Vulnerabilities
    Testing Switches for Vulnerabilities
    Securing the Network
    Case Study
    Summary
  Chapter 11. Scanning and Penetrating Wireless Networks
    History of Wireless Networks
    Antennas and Access Points
    Wireless Security Technologies
    War Driving
    Tools
    Detecting Wireless Attacks
    Case Study
    Summary
  Chapter 12. Using Trojans and Backdoor Applications
    Trojans, Viruses, and Backdoor Applications
    Common Viruses and Worms
    Trojans and Backdoors
    Detecting Trojans and Backdoor Applications
    Prevention
    Case Study
    Summary
  Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers
    General Scanners
    UNIX Permissions and Root Access
    Microsoft Security Models and Exploits
    Novell Server Permissions and Vulnerabilities
    Detecting Server Attacks
    Preventing Server Attacks
    Case Study
    Summary
  Chapter 14. Understanding and Attempting Buffer Overflows
    Memory Architecture
    Buffer Overflow Examples
    Preventing Buffer Overflows
    Case Study
    Summary
  Chapter 15. Denial-of-Service Attacks
    Types of DoS Attacks
    Tools for Executing DoS Attacks
    Detecting DoS Attacks
    Preventing DoS Attacks
    Case Study
    Summary
  Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test
    Case Study: LCN Gets Tested
    DAWN Security
Part III: Appendixes
  Appendix A. Preparing a Security Policy
    What Is a Security Policy?
    Risk Assessment
    Basic Policy Requirements
    Security Policy Implementation and Review
    Preparing a Security Policy in Ten Basic Steps
    Reference Links
  Appendix B. Tools
    Performing Host Reconnaissance (Chapter 5)
    Understanding and Attempting Session Hijacking (Chapter 6)
    Performing Web-Server Attacks (Chapter 7)
    Performing Database Attacks (Chapter 8)
    Cracking Passwords (Chapter 9)
    Attacking the Network (Chapter 10)
    Scanning and Penetrating Wireless Networks (Chapter 11)
    Using Trojans and Backdoor Applications (Chapter 12)
    Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)
    Understanding and Attempting Buffer Overflows (Chapter 14)
    Denial-of-Service Attacks (Chapter 15)
  Glossary
    A
    B
    C
    D
    E
    F
    H
    I
    J K L
    M
    N
    O P
    R
    S
    T
    U
    V
    W
  Index
Copyright
Penetration Testing and Network Defense
Andrew Whitaker and Daniel P. Newman
Copyright © 2006 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing November 2005
Library of Congress Cataloging-in-Publication Number: 2004108262
Warning and Disclaimer
This book is designed to provide information about penetration testing and network defense techniques. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the authors and are not necessarily those of Cisco Systems, Inc.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book or otherwise alter it to better suit your needs, you can contact us through e-mail at
Please make sure to include the book title and ISBN in your message.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
We greatly appreciate your assistance.
Publisher: John Wait
Editor-in-Chief: John Kane
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Executive Editor: Brett Bartow
Production Manager: Patrick Kanouse
Senior Development Editor: Christopher Cleveland
Project Editor: Marc Fowler
Copy Editor: Karen A. Gill
Technical Editors: Steve Kalman, Michael Overstreet
Team Coordinator: Tammi Barnett
Book/Cover Designer: Louisa Adair
Compositor: Mark Shirar
Indexer: Tim Wright
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems, Inc.
Capital Tower
168 Robinson Road
#22-01 to #29-01
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at www.cisco.com/go/offices.
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright © 2003 Cisco Systems, Inc. All rights reserved. CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R)
Printed in the USA
Dedications
Andrew Whitaker:
I dedicate this book in memory of Dr. Bill R. Owens and Dr. Charles Braak. Your legacies continue to inspire me to pursue higher levels of excellence.
And to my amazing wife, Jennifer.
-BFF
Daniel Newman:
I dedicate this book to my beautiful wife, Clare. No matter how close you are, there is never a moment that you are not in my thoughts and never a time that my heart is not missing you. You are the light of my life that never stops shining brighter and brighter as time goes on. I just wish forever were not so short, because I'll miss you when it comes.
Your husband, Daniel
About the Authors
Andrew Whitaker has been working in the IT industry for more than ten years, specializing in Cisco and security technologies. Currently, he works as the Director of Enterprise InfoSec and Networking for TechTrain, an international computer training and consulting company. Andrew performs penetration testing and teaches ethical hacking and Cisco courses throughout the United States and Europe. Prior to teaching, Whitaker was performing penetration tests for financial institutions across the southeastern United States. He also was previously employed as a senior network engineer with an online banking company, where he was responsible for network security implementation and data communications for e-finance websites. He is certified in the following: CCSP, CCNP, CCNA, CCDA, InfoSec, MCSE, CNE, A+, CNE, Network+, Security+, CEH, and CEI.
Daniel P. Newman has been in the computer industry for more than twelve years specializing in application programming, database design, and network security for projects all over the world. Daniel has implemented secure computer and network solutions to a wide variety of industries ranging from titanium plants, diamond mines, and robotic-control systems to secure Internet banking. Working across four continents, he has gained expertise providing secure computer network solutions within a wide range of systems. Daniel is currently working as a freelance penetration tester and a senior technical trainer teaching Cisco and Microsoft products. In addition, Newman specializes in practicing and training certified ethical hacking and penetration testing. In his pursuit of increased knowledge, he has become certified in the following: A+, Network+, I-Net+, Server+, Linux+, Security+, MCDST, MCSA, MCSE (NT, 2000, 2003): Security, MCDBA, MCT, CCNA, CCDA, CSS1, CCSP, InfoSec, CEH, CEI, and CISSP. In his off time, Newman has authored books on PIX Firewall and Cisco IDS and worked as technical editor for books on the Cisco SAFE model.
About the Technical Reviewers
Stephen Kalman is a data security trainer. He is the author or tech editor of more than 20 books, courses, and CBT titles. His most recent book is Web Security Field Guide, published by Cisco Press. In addition to those responsibilities, he runs a consulting company, Esquire Micro Consultants, that specializes in network security assessments and forensics.
Kalman holds CISSP, CEH, CHFI, CCNA, CCDA, A+, Network+, and Security+ certifications and is a member of the New York State Bar.
Michael Overstreet is a delivery manager for Cisco Advanced Services within World Wide Security Practice. He is responsible for the delivery of security assessment and implementation services with a focus on Security Posture Assessments (SPA). He has worked for Cisco for six years delivering the security services. He is a graduate of Christopher Newport University with a Bachelor of Science in Computer Science. Michael holds CISSP and CCNP certifications.
Acknowledgments
Andrew Whitaker:
Many people were involved in the creation of this book. First, I must thank my forever supportive wife, whose encouragement kept me focused and motivated to complete this project. You haven't seen much of me this past year, and I thank you for your sacrifice so that I could pursue this book. I will always love you.
To Dan Newman, my coauthor: I can only say thank you for being a great friend and colleague. Despite the long distance between us, you still remain a good friend, and I look forward to working with you on future projects. The dawn is coming!
Two people who deserve special mention are Brett Bartow and Chris Cleveland. You both have saint-like patience to allow for our habitual tardiness.
Acknowledgements must also be given to our two technical editors, Steve Kalman and Michael Overstreet. Steve, without you, this book never would have happened. We are lucky to have you as an editor. Michael, thank you for holding such a high standard to ensure that this book is of quality material.
Several others must be mentioned for their assistance with certain chapters. Jonathan Irvin and Robert Hall at Defcon-5 both shared their social engineering tactics for Chapter 4. For our chapter on buffer overflows, I am very grateful for Solar Ice at #CovertSystems, who chatted online with me at 4:00 a.m. one Saturday morning to discuss his exploit techniques. Susan Brenner at the University of Dayton helped with the discussion on cybercrime and ethics in Chapter 2. Susan, your students are lucky to have you.
Still others had an indirect involvement with this book. I'd like to thank John Almeter at NetTek, a man of great integrity who got me started in this field. I also must thank Rick VanLuvender at InfoSec Academy for teaching me so much about penetration testing. Thanks also to the Indian River Starbucks for providing me with a second office.
Finally, I must thank God, for without you, there would be no ethics or morality.
Daniel Newman:
I would like to thank Brett Bartow and Christopher Cleveland for their encouragement, drive, and push to help us keep this massive project on schedule and on time. Thanks, guys!
To our technical editors, Michael Overstreet and Steve Kalman, for double-checking all our facts and helping us fix all our minor typos.
To Andrew, with whom I coauthored this book. Thank you for your never-ending patience with busy work schedules, time zones, and deadlines that plagued us. If only there were 25 hours in the day, we could accomplish so much more. You are the best of friends, and I would like to thank you for the opportunity to work with you on this project. I can't wait to do 167.
I would also like to thank Hannah "Wee" for putting up with Mom and I while we string the den with cables and hammer away on computer keyboards attacking systems for hours on end. You always seem to find a way to still be involved, whether it be getting coffee or just staying close by watching movies on the laptop. Thanks, Wee!
Lastly and most importantly, I would like to thank my wife, Clare. Thank you, honey, for your never-ending patience, technical editing, case study testing, reference checking, and moral support on this book. You are my best friend, my peer, my partner, and my soul mate for life. For without you, this book never would have been possible. I love you, my wonderful partner.
Icons Used in This Book
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:
Boldface indicates commands and keywords that you enter literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
Italic indicates arguments for which you supply actual values.
Vertical bars (|) separate alternative, mutually exclusive elements.
Square brackets [ ] indicate optional elements.
Braces { } indicate a required choice.
Braces within brackets [{ }] indicate a required choice within an optional element.
Foreword
Pen testing, ethical hacking, posture assessment, vulnerability scans... the list of names goes on and on. There are as many names for simulating an attack and testing the security of an information system as there are approaches and techniques to be utilized in this endeavor.
While it is quite simple to log on to the web and gain access to tools, information, scripts, etc. to perform these types of tests, the key to doing this work responsibly, and with desirable results, lies in understanding how to execute a pen test the right way. Case studies have shown that a testing exercise designed to identify and improve security measures can turn sour and result in obvious or inaccurate recommendations, or in the worst case scenario, become disruptive to business operations.
This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.
Penetration testing is a very dynamic field and requires a continuous investment in education and training to ensure that the tester has the requisite knowledge to do this well. And there is a certain elegance to the analysis involved in a truly successful test. While considered a science steeped in the world of technology, the highest form of penetration testing contains quite a lot of art. By applying creativity in the interpreting and analysis of results, then determining the optimal next steps, often by intuition and feel, the sophisticated pen tester creates a new level of evaluation and brings a stronger, more valuable result to the exercise.
There was a time 10-15 years ago when this type of exercise was questioned as to its validity, its value, and its interpretation. In today's modern technology-driven world, where we experience a ceaseless number of threats, vulnerabilities, DDOS attacks, and malicious code proliferation, penetration tests are one of many standard best practices essential to strong security governance. Most sound security approaches highlight these tests as an integral component of their programs. They are viewed as essential to understanding, evaluating, measuring, and then most importantly, establishing a cost-effective set of remediation steps for improving the security of information assets.
What is of particular note and interest in this book is the extensive time devoted to the many new and innovative techniques required to properly test and evaluate new advanced technologies. It's an ever-changing field and you will find great value in delving into these new domains, expanding your scope, and understanding the possibilities. There does not seem to be any limit to the potential damage that those with malicious intent can invoke. Deep exploration of their techniques helps us to establish proactive preventive and detective measures and help in the ongoing tasks of staying a step ahead.
So when you do become involved in penetration testing projects, whether that be in contracting for services, overseeing their execution, reviewing their results, or even executing them yourself, it is essential to understand the concepts described within to ensure you have an evolved and sophisticated view of the world of penetration testing. Or was that ethical hacking?
Bruce Murphy
Vice President, World Wide Security Services
Cisco Systems, Inc.
September 2005
Introduction
The first "hackers" emerged from the Massachusetts Institute of Technology (MIT) in 1969. The term originally described members of a model train group who would "hack" the electric trains to increase the speed of their trains.
Today, the term has quite a different meaning. When people think of computer hackers, they think of computer experts who are adept at reverse engineering computer systems. They might think of malicious hackers who aspire to break into networks to destroy or steal data, or of ethical hackers who are hired to test the security of a network. Often, these ethical hackers, or penetration testers, mimic the same techniques as a malicious hacker.
The need for penetration testing is simple. The best way to stop a criminal is to think the way a criminal thinks. It is not enough to install burglar alarms and fences and assume that you are safe from burglary; to effectively stop a burglar, you must predict the moves a burglar would make. Likewise, to protect against malicious hackers, you must think like a malicious hacker. One of the best ways that companies are assessing their security against attacks is by hiring outside security firms to attempt to penetrate their networks.
Companies are no longer falling victim to the "Titanic" syndrome. When the Titanic was built, its engineers never thought the ship would sink; companies now realize that just because their staff stamps their approval that the network is secure, you just do not know for sure until it is tested.
This book arises out of this need to know how to perform a thorough and accurate assessment of the network security for an organization. Although other books describe some of the tools that malicious hackers use, no book offered a definitive resource for penetration testers to know how to perform a full security assessment of a computer network for an organization. This book is written to fill this need.
Who Should Read this Book
The scope of this book is to provide a guide for those who are involved in the field of penetration testing, and for security professionals who daily face the need to know how to detect and protect against network attacks. It is specifically targeted toward three audiences:
Those interested in hiring penetration testers
Those employed as penetration testers
Those responsible for securing their network against malicious hackers
Ethical Considerations
It should be noted at the onset that this book is designed as a guidebook for ethical hacking. This book does not endorse unethical or malicious use of the tools and techniques mentioned. Many of the techniques described in this book are illegal without prior written consent from an organization. The authors of this book want you to curb any curiosity you might have to try out these techniques on live systems without legitimate and ethical reasons. Used properly, the tools and techniques described in this book are an excellent resource for anyone who is involved in securing networks.
How This Book Is Organized
This book aids you in securing your network by examining the methods of penetration testing as a means of assessing the network of an organization. It also shows how to detect an attack on a network so that security professionals can spot an intruder and react accordingly. This book offers suggestions on how to go about protecting against the exploits discussed in each chapter. Numerous case studies are included throughout the book, and a complete case study chapter outlines a step-by-step example of the entire process.
This book is divided into three parts:
Part I: Overview of Penetration Testing
Before you can begin penetration testing, you must first comprehend the definition, purpose, and process of penetration testing. The first three chapters are devoted to meeting this objective.
- Chapter 1: Understanding Penetration Testing
This introductory chapter defines the scope and purpose behind penetration testing. Through the numerous examples of real-world security breaches coupled with statistics on the rise of security concerns, you learn the urgent need for this type of testing.
- Chapter 2: Legal and Ethical Considerations
Here you learn of the ethics, laws, and liability issues revolving around penetration testing. Mimicking the behavior of an attacker is a dangerous assignment; testers should understand what is permissible so that they do not step over the boundaries into unethical or illegal behavior.
- Chapter 3: Creating a Testing Plan
Because penetration testing requires such caution, it is imperative that the tester develop a step-by-step plan so that he can stay within his