Networking and penetration testing
•Download as PPT, PDF•
3 likes•2,533 views
This document discusses network security and penetration testing. It provides an overview of creating a networking lab and the tools used, including Cisco Packet Tracer, Backtrack, Metasploit, and Wireshark. The document then covers network security topics like common network threats, router security, switch security, and port security. It defines penetration testing and explains its goals of finding vulnerabilities and recommending improvements. The phases of penetration testing are outlined as profiling, enumeration, vulnerability analysis, exploitation, and reporting. Different styles of penetration testing like blue team and red team are also summarized.
Report
Share
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Networking and penetration testing
Similar to Networking and penetration testing (20)
Recently uploaded
Recently uploaded (20)
Networking and penetration testing
- 1. -Sandeep Kr. Mehto -Mohit Chandra Belwal C.S.E 4th Yr.
- 2. Contents Networking and it’s security Creating Networking Lab Penetration Testing Phases of Penetration Testing Tools:- i. Cisco Packet Tracer ii.Backtrack iii.Metasploit iv.Wireshark
- 3. Network security- In 2009, the computer Security institute (CSI) produce a report for the 2009 c0mputer crime and security survey that provided an updated look at the impact of computer crime in the united states. company loses due to computer crime have double over the past year, so the cost of poor security is increasing
- 4. Need for network security- The network infrastructure, services, and data are crucial personal and business as sets. The protection of sensitive data. Secure an organization’s network
- 5. Close networks- Attack from inside the network remain a threat. There is no outside connectivity. Does not allow a connection to public networks. The 60 t0 80 % of network misuse comes from inside the enterprise.
- 6. Open networks- Security open network is important. Open network are also included – 1. Public and 2. Private network. O to 20 % network is open network. Maximum par of open network is wire less networks. Packet are send point to point connection.
- 7. Common threats- Physical installations – 1. Hardware threats. 2.Environmental threats. 3. Electrical threats. Maintenance threats- 1. Poor handling of key electronic components 2.Poor cabling . 3. Poor labeling and etc
- 8. Used equipments in a lab-
- 9. Hub- Hub multiple ports. Repeater broad cast signals Simplifies signal. Switch learn MAC address (flooding) Equal speed to all port. Multiple collection
- 10. Bridge- Bridge less speed to switch. Router learn best path.
- 11. Used cables- state cables- also connected PC to switch and switch to router.
- 12. Cross cable- cross cable are also connected PC to PC. Switch to switch
- 13. Serial cable- also connected router to router.
- 14. Rollover cable – also connected to a PC to router. And PC to Switch
- 15. IP address- Class A IP address Class B IP address Class C IP address Class D IP address Class E IP address
- 16. Class A IP address- Any add. Start with the value between 1 to 126. First octet is network add. Another is host add. The first octet of the 32-bit number is a class A add. 0 and 127 is also reserved.
- 17. Class B IP address- IP range 128 to 191 2 network and 2 host octets.
- 18. Class C IP address- Range 192 to 223 3 network and 1 host octet. 3 network and only one host add.
- 19. Class D IP address- Range 224 to 239 Multicast – one to many.
- 20. Class E IP address- Range 240 to 255 Remaining all are reserved
- 21. Security in network- Three types most important security in a networking. Router. Switch and Port security.
- 22. Router Security- Enable Password- (user mode/priv. mode). Secret Password- (user mode). Console Password- (before user mode). Telnet Password- (for remote login).
- 23. Switch Security- Secure switch access : a.Secure physical access of the switch. b.Set system password. c. Secure remote access. d.Use SSH when possible. • Secure access by telnet. • Disable HTTP, enable HTTPS. Disable unneeded services.
- 24. Port security- Port security restricts port access by MAC add- o Dynamic (limit number of add.). o Static (static configuration of add.). o Combination (static + dynamic). o Sticky.
- 25. What is penetration testing? Penetration Testing or Pen Testing: The practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit by simulating attacks from both internal and external threats Goals Determine the adequacy of security measures Identify security deficiencies Recommend training
- 26. Why penetration test? To find poorly configured machines. Verify that security mechanisms are working. Help organizations to tighten the Security system. FACT!!!! 99.9% secure = 100%vulnerable!
- 27. Penetration Testing is NOT Hacking Hacking Pen Testing No time limit No limitations Unknown objectives Illegal Limited time Well defined scope Clearly defined goals Legal
- 28. Performing a penetration test Phases of a penetration test:
- 29. Profiling Research phase Passive Reconnaissance Strategy Obtain publicly available information on target Tactics Query publicly accessible data sources Observe physical defenses Covertly survey company and employees
- 30. Enumeration Discovery Phase Active Reconnaissance Strategy Find detailed information Find possibly vulnerable points of entry Tactics Map the network Analyze and identify each individual host Survey physical security mechanisms Compile list of possible entry points for an attacker
- 31. Vulnerability Analysis Systematic examination of vulnerabilities Procedure Using all the information gathered in the previous phases, identify vulnerabilities in the system Tactics Prioritize analysis of commonly misconfigured services Use automated tools if applicable/available
- 32. Exploitation Gaining access Procedure Verify previously identified vulnerabilities by attempting to exploit them Show what access can be gain and what assets can be affected
- 33. Reporting The important part Procedure Compile findings into a complete report Include methods as well Make suggestions to fix vulnerabilities
- 34. Styles of Penetration Testing Blue Team Tested as a trusted insider with complete access Perform a through survey of systems with complete access to systems to determine any vulnerabilities or misconfigurations. Attempts to provide an exhaustive listing of potential vulnerabilities
- 35. Styles of Penetration Testing Red Team Test done as an external hacker Attempt to penetrate defenses any way possible Only attempts to find single point of entry
- 36. Pen Testing Tools Backtrack Custom Linux Distribution
- 37. Pen Testing Tools Metasploit Exploitation framework
- 38. Pen Testing Tools Wireshark Network traffic monitoring tool
- 39. Questions?
Editor's Notes
- Clarke was the counter/Anti-terrorism advisor during the Clinton/Bush administrations