CompTIA Pentest+ Certification For Dummies. Glen E. Clarke
Чтение книги онлайн.

Читать онлайн книгу CompTIA Pentest+ Certification For Dummies - Glen E. Clarke страница 22

Название: CompTIA Pentest+ Certification For Dummies

Автор: Glen E. Clarke

Издательство: John Wiley & Sons Limited

Жанр: Учебная литература

Серия:

isbn: 9781119867296

isbn:

СКАЧАТЬ the Project

      During the pre-engagement activities, it is important to have an initial meeting with the customer that allows you to discuss the scope of the project and get an understanding of what the customer’s goals are for the penetration test.

       What is the goal of the penetration test? (Why is it being done?)

       Is the penetration test going to test internal systems, external systems, or both?

       What are the Internet Protocol (IP) ranges of the internal and external systems that are being tested?

       What are the internal and external domain names of the systems to be tested?

       Does the company own the systems using those IP addresses?

       Are there any systems hosted by third-party companies such as an ISP or a cloud provider?

       What applications and services will be tested?

       What types of tests are to be performed? For example, are you testing physical security and/or social engineering, and are DoS attacks allowed?

      If performing an unknown-environment (or black box) test, which is discussed in Chapter 1, the penetration tester is typically responsible for discovering target services, and some would say the target IP addresses. The important point here to remember is that you want the customer to give you the target IP addresses and domain names so that you can be sure you have proper authorization to perform testing on those systems. If it is up to the pentester to discover the IP addresses, especially external IP addresses, the tester runs the risk of performing the penetration test on an unauthorized IP address or system owned by someone else.

      Target list/in-scope assets

      As you scope out the penetration test, you need to determine what company assets are the in-scope assets for the penetration test. In-scope assets are targets during the penetration test. Following are examples of targets for a penetration test:

       Wireless networks: Determine what wireless SSIDs are to be targeted in the penetration test.

       Internet Protocol (IP) ranges: Determine IP ranges that are to be targeted during the penetration test.

       Domains: Determine any internal and external domain names that should be targeted during the penetration test.

       Application programming interfaces (APIs): Identify any APIs that should be tested. APIs are code that is called upon by other applications and should be tested. This includes stand-alone APIs such as custom DLLs and web APIs such as RESTful web services.

       Physical locations: Determine the physical locations that are in scope with the penetration test and if you have permission to attempt to bypass physical access controls to gain access to those locations. For example, a customer may state that the company’s Boston data center is in scope, but data centers at other locations are not.

       Domain name system (DNS): Identify the DNS server addresses used for internal DNS and external DNS.

       External versus internal targets: Take time to identify what internal targets (on the LAN) are in scope and what external targets (on the Internet) are in scope.

       First-party versus third-party hosted: It is important to identify assets that exist on-premises (first-party) and assets that are hosted in the cloud (third-party).

      Fortheexam Be sure to understand the type of targets for a penetration test. Also note that if the target is a cloud resource or other asset hosted by a third party, you must get permission from the third party or cloud provider to perform testing on those assets.

      Depending on the type of testing being performed, there are a number of other questions you can ask during the scoping of the project. The Penetration Testing Execution Standard (PTES) website found at www.pentest-standard.org has an extensive list of questions you can ask. The following sections list example questions for each different type of test.

      General questions

       What is the goal of the penetration test? (Why is it being done?)

       Is the pentest being performed for compliance reasons?

       What hours of the day can the penetration test be performed (business hours/non-business hours)?

       What are the internal and external target IP addresses?

       Are security controls in place such as firewalls and intrusion detection systems?

       If a system is compromised, what actions should be taken next (for example, no action, elevate privileges, and so on)?

      Web application testing questions

       How many web applications/sites are being tested?

       How many of those require authentication?

       How many static pages are in those sites?

       How many dynamic pages are in those sites?

       Is the source code available for review?

       Is authentication testing to be performed?

      Wireless network testing questions

       How many wireless networks are there?

       What wireless encryption protocol(s) are being used?

       What is the area covered by wireless?

       Should detection of rogue devices be performed?

       Should wireless attacks against clients be performed (or just focus on the access point)?

       How many wireless clients are there?

      Physical security testing questions

       Is physical security testing part of the pentest?

       How many locations are there?

       Are the locations shared with other businesses? If so, what floors do you occupy?

       Are lock picks and bump keys allowed to bypass a locked door?

       Are video cameras being used? If so, does СКАЧАТЬ