Penetration testing, also known as pen testing, is the process of attempting to 'hack' into a system, with the owner's permission, to identify weak points in a company's defences. The findings feed countermeasures that cut down the risk of the system being breached for real: by finding the gaps an attacker would use, a penetration tester can report them so they are closed before they are exploited. But before we go further into it, let's check out some of the possible ways in which cyber-attacks can happen and then how to find and remove the risk of them occurring.
Computer Network Exploitation (CNE)
When we think of cybersecurity attacks, this is often the type of attack people bring to mind: hacking into the 'mainframe' to find information. The term comes from military doctrine and is most associated with state intelligence operations, but private companies holding valuable data are targeted in the same way. The aim is to exploit weaknesses in a security system to gain access to private information and even highly classified intelligence documents. These attacks try not to be noticed; the intruder 'spies' quietly, for as long as possible, to gather as much information as possible.
Computer Network Attack (CNA)
The point of this technique is to destroy or alter information or to crash systems. A common form is flooding a network or server with traffic, for example sending so many requests that the server can no longer serve legitimate users. Several of the attacks listed below (eavesdropping, sniffing, man-in-the-middle) are really interception techniques rather than destructive ones, but they are usually grouped with the attacks a pen-test should cover:
- Eavesdropping
- Data modification
- Identity spoofing
- Password-based attacks
- Distributed denial of service (DDoS) attacks
- Man-in-the-middle attacks
- Sniffer attacks
- Application-layer attacks
How does penetration testing work?
Any organisation that wants to find out how strong its security is, or wants to improve it, can make use of penetration testing. This way, companies can plan for and prevent future breaches. Automated scanners help to identify known vulnerabilities lingering in the system, and code scanning can pick up insecure or malicious code before it ships. Manual testing then confirms which of those findings are actually exploitable, examines how data is handled and whether it is properly encrypted, and chains weaknesses together the way a real attacker would. There are multiple approaches to pen-testing depending on what you hope to get from the exercise.
How to approach Pen-testing:
1. Black box penetration testing:
Similar to an outside attacker, the pen-tester is given no insider knowledge of the company's systems and processes, which is why this is usually done by an outside contractor. Because there is no prior knowledge, the test spends much of its time on reconnaissance (discovering hosts, services and applications) and takes longer to complete. Brute-force attacks against exposed logins are one of the tools the pen-tester may try while searching for holes in the perimeter, but coverage is limited to what can be reached from outside.
2. White box penetration testing:
This method gives the pen-tester all the relevant information about the target environment, such as source code, IP addresses, database schemas and network diagrams. Because they start with this advantage, less time is spent on reconnaissance than in the black box approach and the resulting test is much more thorough. The trade-off is that with so much information it can take longer to decide what to focus on, and reviewing source code and configuration calls for more sophisticated tools.
3. Grey box penetration testing:
As the name suggests, this test is a mixture of white and black box testing. It is done from the perspective of someone with only partial knowledge of the internal workings, often just part of the software code and the system architecture diagrams, much as an insider or a registered customer would have. Both manual and automated attacks can be used. There is usually a focus on web applications, since that is where partial access (an ordinary login) gives the tester the most to work with, and there is a higher probability of 'hard to find' security holes being found than in a pure black box test.
Automated penetration testing:
This method uses tools that scan for numerous known vulnerabilities at once, saving time. Manual pen-testing is slow, so automation lets professional testers spend their skills where they are needed most. These tools are efficient at the repetitive part of the work (port scanning, version fingerprinting, checking for known CVEs and common misconfigurations) and give a rapid first assessment of a security system. They do not think like an attacker, however: they produce false positives that must be verified and miss logic flaws and chained weaknesses, so their output is a starting point rather than a verdict.
Manual penetration testing:
Not all vulnerabilities can be detected by automated tools, so manual work is needed to uncover the rest. Professional penetration testers bring expert knowledge and skills to mount a realistic attack on the system, exposing the vulnerabilities of the network and proposing ways to fix them.
A good pen-tester uses a mix of automated and manual testing to gauge the ability of the security systems to withstand a cyberattack. By combining professional knowledge with a variety of tools, they can then help reinforce any vulnerable area, making it stronger and better able to protect the company's sensitive data.
Techniques for penetration testing:
- Network Services
- Client-Side
- Web Applications
- Wireless
- Social Engineering
Network Services
This is the most commonly requested test. It involves finding weaknesses and vulnerabilities in the network infrastructure of a company, both from outside and from inside the network. The process includes examining:
- Firewall configuration testing
- Stateful analysis testing
- Firewall bypass testing
- IPS evasion
- DNS attacks
On its own this is not considered an in-depth test and should be accompanied by another test type, such as a web application test.
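As an added example (not code from the original article), here is a small firewall configuration audit of the kind a network services test starts with. The rule syntax, the list of sensitive ports and both sample rule sets are assumptions constructed for the example; the weak rule set is shown next to a hardened one, and the evaluator simulates what an untrusted host on the internet can reach under first-match, default-deny semantics.

```python
"""Firewall rule audit for a network services test (added example).

The rule syntax ('allow|deny <source CIDR> <proto> <port|any>'), the
sensitive-port list and both rule sets are assumptions made for this
example, not any real product's format.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY_SOURCE = ipaddress.IPv4Network("0.0.0.0/0")

# Services a tester flags when reachable from untrusted networks (assumed list).
SENSITIVE_PORTS = {
    22: "ssh", 23: "telnet", 445: "smb", 1433: "mssql",
    3306: "mysql", 3389: "rdp", 5432: "postgres", 6379: "redis",
}

# Constructed sample rule sets: the same firewall before and after the findings were fixed.
WEAK_RULES = """
allow 10.0.0.0/8 tcp any        # internal networks may reach everything
allow 0.0.0.0/0 tcp 443         # public HTTPS
allow 0.0.0.0/0 tcp 22          # SSH open to the whole internet
deny  0.0.0.0/0 tcp 22          # meant to block SSH, but comes after the allow
allow 0.0.0.0/0 tcp any         # catch-all allow, makes the deny above pointless
"""

HARDENED_RULES = """
allow 10.0.0.0/8 tcp any
allow 0.0.0.0/0 tcp 443
allow 198.51.100.0/24 tcp 22    # SSH only from the management network
"""


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: ipaddress.IPv4Network  # source network the rule matches
    proto: str                  # "tcp", "udp" or "any"
    dst_port: Optional[int]     # None means any destination port


def parse_rules(text: str) -> list:
    """Parse the constructed rule syntax; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, src, proto, port = line.split()
        rules.append(Rule(action.lower(), ipaddress.IPv4Network(src, strict=False),
                          proto.lower(), None if port == "any" else int(port)))
    return rules


def evaluate(rules, src_ip: str, port: int, proto: str = "tcp") -> str:
    """First-match evaluation with an implicit default deny, as most firewalls do."""
    addr = ipaddress.IPv4Address(src_ip)
    for r in rules:
        if r.proto in ("any", proto) and addr in r.src and r.dst_port in (None, port):
            return r.action
    return "deny"


def audit(rules) -> list:
    """Return (rule_number, issue) findings; rule numbers are 1-based."""
    findings = []
    for i, r in enumerate(rules):
        n = i + 1
        # Shadowing: an earlier rule already decides every packet this one could match,
        # so this rule is dead. A 'deny' placed after a broader 'allow' is the classic case.
        for j, earlier in enumerate(rules[:i]):
            if (earlier.proto in ("any", r.proto)
                    and r.src.subnet_of(earlier.src)
                    and earlier.dst_port in (None, r.dst_port)):
                findings.append((n, f"shadowed by rule {j + 1}, never evaluated"))
                break
        if r.action != "allow":
            continue
        if r.src == ANY_SOURCE and r.dst_port is None:
            findings.append((n, "allows any source to any port"))
        elif r.src == ANY_SOURCE and r.dst_port in SENSITIVE_PORTS:
            name = SENSITIVE_PORTS[r.dst_port]
            findings.append((n, f"{name} (port {r.dst_port}) open to the internet"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        rules = parse_rules(text)
        print(f"{label}: {audit(rules)}")
        # 203.0.113.5 is a documentation address standing in for an internet host.
        print(f"  ssh from 203.0.113.5 -> {evaluate(rules, '203.0.113.5', 22)}")
```

The shadowing check is what turns a rule listing into a finding: the weak set looks as if it blocks SSH, but the deny is never reached, and the final catch-all allow means the whole policy is effectively open. Real rule sets (iptables, cloud security groups) need their own parsers, but the same three checks apply.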
Client-Side
A client-side test looks for vulnerabilities in the software found on a client computer such as an employee's laptop: web browsers, content-creation software, media players, and the other programs employees download onto their desktops. These are among the most common findings, often as outdated versions with publicly known flaws.
Web Applications
This type of test is often described as a deeper dive into the security setup. It is more detailed and thorough, and works to find security vulnerabilities in web-based applications: authentication and session handling, input validation, access control, and the application logic itself. Because each application has to be explored individually, this test takes a long time per web application.
Wireless
This test is fairly self-explanatory: it involves testing the wireless devices and networks owned by a corporation, including laptops, smartphones and tablets. The testing includes finding holes in wireless protocols and their configuration, weaknesses in wireless access points, and weak or default administrative credentials. The test nearly always has to be completed on-site, within radio range of the wireless network.
Social Engineering
While the other methods require a high level of technical experience, this test relies on social skills. A company's biggest weakness in its security is often its employees. Social engineering consists of attempting to get confidential or proprietary information by tricking employees into revealing it. Within social engineering, there are two main approaches:
- Remote testing: trying to get an employee to disclose sensitive information through electronic means, for example with phishing emails.
- Physical testing: trying to get information through physical or in-person means, such as dumpster diving, phone calls, impersonation and lying to gain information.
Most commonly found vulnerabilities:
1. Human errors:
Unlike automated processes, humans make mistakes, and these can unintentionally open the door to a serious intrusion. Leaving sensitive documents and data unattended, sharing passwords, falling for phishing and making coding errors can all go unnoticed until a pen-test.
2. Weak system configuration:
If a system is not configured correctly, it gives hackers many loopholes to get in and extract data easily. Attackers are likely to go after known weaknesses for which patches have already been released; if patches are not applied promptly, those weaknesses are easy to exploit because the details, and often working exploit code, are public. Similarly, unsupported software opens the company up to risk: if a computer is still running software that is no longer updated, such as Windows XP, newly discovered vulnerabilities never receive patches from the vendor and remain open to attack.
3. Insecure in-house developed applications:
Internally developed applications are often not checked as thoroughly as third-party products before being rolled out inside a company, and are therefore more likely to have security holes. As a result, intruders may find them an easy and convenient way in.
4. Passwords:
Passwords prevent access by unauthorised people and strengthen the security of a system, but easy-to-guess passwords are useless. Moreover, people are likely to share their password or write it down somewhere so as not to forget it, and once the password leaks, the chance of the system being exploited rises. The biggest threat is a password reused on multiple sites: if a hacker obtains it from one site, they can gain access to every other platform where the same password has been used.
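The checks a tester runs on a recovered password set, as an added example rather than code from the original article. The accounts, passwords, the small common-password list and the hashing details are all constructed assumptions; the last two functions show why reuse is visible in a dump of unsalted hashes even before anything is cracked, and why salted hashes hide it.

```python
"""Password audit over a recovered credential set (added example).

Accounts, passwords, the common-password list and the hashing details
are constructed for this example; a real audit works from cracked domain
hashes and a large breached-password list.
"""
import hashlib
from collections import defaultdict

COMMON_PASSWORDS = {"password", "123456", "qwerty", "welcome1", "summer2024"}
MIN_LENGTH = 12

# Constructed sample: (user, system, password) as recovered after cracking.
CRACKED = [
    ("alice", "vpn",  "Tr0ub4dor&3-long!"),
    ("alice", "mail", "Tr0ub4dor&3-long!"),            # same password on two systems
    ("bob",   "vpn",  "welcome1"),                     # on the common list
    ("carol", "mail", "Aug2024!"),                     # too short
    ("dave",  "vpn",  "welcome1"),                     # shared with bob
    ("erin",  "mail", "correct-horse-battery-staple"),
]


def weak_passwords(cracked):
    """Flag passwords an attacker would guess first: common ones, then short ones."""
    findings = []
    for user, system, pw in cracked:
        if pw.lower() in COMMON_PASSWORDS:
            findings.append((user, system, "common password"))
        elif len(pw) < MIN_LENGTH:
            findings.append((user, system, f"shorter than {MIN_LENGTH} characters"))
    return findings


def reused_passwords(cracked):
    """Return (user -> systems) where one user reuses a password across systems,
    and sorted groups of different users who share the same password."""
    by_user_pw = defaultdict(set)   # (user, password) -> systems
    by_pw = defaultdict(set)        # password -> users
    for user, system, pw in cracked:
        by_user_pw[(user, pw)].add(system)
        by_pw[pw].add(user)
    across_systems = {user: sorted(systems)
                      for (user, _), systems in by_user_pw.items() if len(systems) > 1}
    shared = sorted(sorted(users) for users in by_pw.values() if len(users) > 1)
    return across_systems, shared


def hash_dump(cracked, salted):
    """Simulate the (account, hash) dump a tester sees before cracking.
    Unsalted: plain SHA-1 of the password. Salted: PBKDF2-HMAC-SHA256 with a
    per-account salt (derived deterministically here so the example is repeatable;
    real systems use random salts)."""
    dump = []
    for user, system, pw in cracked:
        account = f"{user}@{system}"
        if salted:
            salt = hashlib.sha256(f"example-salt:{account}".encode()).digest()
            digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000).hex()
        else:
            digest = hashlib.sha1(pw.encode()).hexdigest()
        dump.append((account, digest))
    return dump


def reuse_visible(dump):
    """Group accounts by hash value. With unsalted hashes, equal passwords give equal
    hashes, so reuse is visible with no cracking at all; with salted hashes it is not."""
    groups = defaultdict(list)
    for account, digest in dump:
        groups[digest].append(account)
    return [accounts for accounts in groups.values() if len(accounts) > 1]


if __name__ == "__main__":
    print("weak:", weak_passwords(CRACKED))
    print("reused:", reused_passwords(CRACKED))
    print("reuse visible in unsalted dump:", reuse_visible(hash_dump(CRACKED, salted=False)))
    print("reuse visible in salted dump:", reuse_visible(hash_dump(CRACKED, salted=True)))
```

The reuse report is the part clients rarely expect: it shows not only which users picked bad passwords but which single password, once obtained anywhere, unlocks several systems or several people.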
For more information on penetration testing and other cybersecurity roles, check out the WithYouWithMe Portal. Courses are given for FREE to all ex-military and their families.