Penetration Test vs. Vulnerability Assessment

In: Computers and Technology

Submitted By Marinesdogs
Words 255
Pages 2
Penetration Test vs. Vulnerability Assessment
• Penetration testing assures you that your network will not be penetrated by malicious users.
• Vulnerability assessment gives an organization the ability to identify potential for intrusion into its network.
• Penetration tests are more intrusive.
Reason for Assessment
• Identify the vulnerability

• Quantify the vulnerability

• Prioritize the vulnerability

Internal vs. External

• Internal assessment shows the vulnerabilities that employees, or anyone with access to the internal network, can exploit.

• External assessment shows the vulnerabilities available to someone without direct access to the internal network.
Window of Vulnerability
• Unknown Window of Vulnerability

• Known Window of Vulnerability
Risk
• Vulnerability
• Attacks
• Threats
• Exposure

Risk = Vulnerability x Attacks x Threats x Exposure
Risk of Internal Assessment
• Can’t be truly objective

• Fair and impartial assessment

Management is forced to deal with the “fox in the hen house” problem
Steps 1-3 to a Successful Assessment
• Understand the consequences

• Document Management buy-in

• Develop manageable objectives

Steps 4-6 to a Successful Assessment
• Determine method

• Plan for disruptions

• Develop an assessment in an impactful, yet understandable, way.

Qualified and Experienced outside Third Party.
• Protect yourself with a contract
• Breadth of experience
• Currency with the latest technical and legal developments
• Cost effective
• Protect the dissemination of the assessment findings
Legal
Gramm-Leach-Bliley Act
• Ensure the appropriate safeguards for the security and confidentiality of customer records and information.
• Protect against anticipated threats
• Protect against unauthorized…...
