Copyright Goodheart-Willcox Co., Inc.

Penetration Testing
■ Penetration testing is a process in which white-hat hackers are given permission to access a system in an attempt to penetrate its defenses and locate vulnerabilities. It is a form of ethical hacking.
■ Pen testing is recommended because a pen test exploits weaknesses in an organization's system. It uses skilled ethical hackers to test the security of a system for a specified time.
■ Three key items that are important in penetration testing are establishing the rules of engagement (RoE), identifying the exercise types, and giving testing authorization to an outside source.

Reconnaissance
■ Reconnaissance is the gathering of information. It can be either passive or active.
■ Passive reconnaissance is the gathering of data and information without the target being aware that this is happening. It is accomplished by a tester conducting research or using tools to gather information. Methods include war driving, war flying, social engineering, OSINT, and footprinting.
■ Active reconnaissance is the active discovery and gathering of data by using tools to interact with a system. Methods include port scanning, banner grabbing, and SMTP querying, all of which are likely to be noticed by a company's defenses.

Penetration Techniques
■ Penetration techniques test the controls that are supposed to prevent access to the network, as well as movement within the network and the gaining of higher privileges.
■ Penetration techniques include initial exploration, pivot, lateral movement, persistence, and escalation of privilege.

Penetration Testing Cleanup
■ At the conclusion of the penetration test, it is important to perform a cleanup of the environment.
■ The cleanup includes removing executable scripts, temporary files, backdoors, or rootkits used during the test. If user accounts were created during the test, they should also be removed. Reconfigured devices or software must be reset to their original state.
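The Reconnaissance section above says that active methods such as port scanning are likely to be noticed by a company's defenses. The following is an added example, not code from the textbook, showing one way a defender notices them: it parses constructed firewall-style connection records (the record layout, hosts and addresses are invented for this example) and flags any source that touched many distinct ports on one host inside a short time window. The second run, with a much longer window, shows the caveat that a slow scan spread over several minutes slips past a short-window check.

```python
"""Flag port-scan style active reconnaissance in connection logs (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Tuple


class Conn(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int
    action: str


# Constructed firewall-style records for this example: timestamp, source address,
# destination address, destination port, action. All hosts and addresses are invented.
SAMPLE_LOG = """
# fast scan: one source, ten ports on one host in ten seconds
2024-01-01T10:00:00 10.0.0.5 192.168.1.10 21 DENY
2024-01-01T10:00:01 10.0.0.5 192.168.1.10 22 ALLOW
2024-01-01T10:00:02 10.0.0.5 192.168.1.10 23 DENY
2024-01-01T10:00:03 10.0.0.5 192.168.1.10 25 ALLOW
2024-01-01T10:00:04 10.0.0.5 192.168.1.10 80 ALLOW
2024-01-01T10:00:05 10.0.0.5 192.168.1.10 110 DENY
2024-01-01T10:00:06 10.0.0.5 192.168.1.10 143 DENY
2024-01-01T10:00:07 10.0.0.5 192.168.1.10 443 ALLOW
2024-01-01T10:00:08 10.0.0.5 192.168.1.10 445 DENY
2024-01-01T10:00:09 10.0.0.5 192.168.1.10 3389 DENY
# ordinary client traffic: a couple of ports, no pattern
2024-01-01T10:00:00 10.0.0.7 192.168.1.10 443 ALLOW
2024-01-01T10:00:05 10.0.0.7 192.168.1.10 443 ALLOW
2024-01-01T10:00:20 10.0.0.7 192.168.1.10 80 ALLOW
# slow scan: nine ports, one every 30 seconds
2024-01-01T10:00:00 10.0.0.9 192.168.1.20 21 DENY
2024-01-01T10:00:30 10.0.0.9 192.168.1.20 22 DENY
2024-01-01T10:01:00 10.0.0.9 192.168.1.20 23 DENY
2024-01-01T10:01:30 10.0.0.9 192.168.1.20 25 DENY
2024-01-01T10:02:00 10.0.0.9 192.168.1.20 80 DENY
2024-01-01T10:02:30 10.0.0.9 192.168.1.20 110 DENY
2024-01-01T10:03:00 10.0.0.9 192.168.1.20 143 DENY
2024-01-01T10:03:30 10.0.0.9 192.168.1.20 443 DENY
2024-01-01T10:04:00 10.0.0.9 192.168.1.20 445 DENY
"""


def parse_log(text: str) -> List[Conn]:
    """Parse the whitespace-separated records above; blank and '#' lines are skipped."""
    conns: List[Conn] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, action = line.split()
        conns.append(Conn(datetime.fromisoformat(ts), src, dst, int(dport), action))
    return conns


def detect_port_scans(conns: List[Conn], window_seconds: int = 60,
                      min_ports: int = 8) -> Dict[Tuple[str, str], int]:
    """Return {(src, dst): distinct_ports} for every source/destination pair where the
    source touched at least min_ports distinct destination ports within any span of
    window_seconds. Allowed and denied connections both count: a scan of open ports
    looks the same as a scan of closed ones from the pattern's point of view."""
    by_pair: Dict[Tuple[str, str], List[Conn]] = defaultdict(list)
    for c in conns:
        by_pair[(c.src, c.dst)].append(c)

    window = timedelta(seconds=window_seconds)
    findings: Dict[Tuple[str, str], int] = {}
    for pair, events in by_pair.items():
        events.sort(key=lambda c: c.ts)
        in_window: Counter = Counter()   # port -> number of events inside the window
        left = 0
        best = 0
        for right, c in enumerate(events):
            in_window[c.dport] += 1
            # slide the left edge forward until the window fits inside window_seconds
            while events[right].ts - events[left].ts > window:
                old = events[left].dport
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            findings[pair] = best
    return findings


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("60 s window :", detect_port_scans(records))                      # fast scanner only
    print("600 s window:", detect_port_scans(records, window_seconds=600))  # slow scanner too
```

With the default 60-second window only the fast scanner from 10.0.0.5 is reported (ten ports); the slow scanner from 10.0.0.9 never has more than three ports inside any one window and is missed until the window is widened to ten minutes. That trade-off, a wider window catching slower scans at the cost of more memory and more false positives from busy clients, is the usual tuning knob on this kind of detection.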
Baselines and Performance
■ A baseline is a starting point from which data comparisons are made. Establishing and reviewing baselines related to how a system is used is referred to as usage auditing.
■ Establishing baselines is important because they provide insight into varying levels of network usage under normal circumstances. The Performance Monitor is used to establish and monitor a baseline.
■ Another way to monitor data is to use data collector sets. A data collector set gathers information and saves it as a report so the information can be studied further.
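The comparison a usage audit makes against a baseline is shown below as an added example; it is not from the textbook and does not read the Performance Monitor's own report format. The counter readings are constructed (hour of day and a network throughput figure) and stand in for what a data collector set would have gathered over several normal days. The baseline is a per-hour mean and standard deviation, and a later reading is flagged when it falls outside three standard deviations of that hour's baseline, or when the hour has no baseline at all. The `min_tolerance` parameter is an assumption of this example: it keeps a perfectly flat baseline (zero standard deviation) from alerting on any change whatsoever.

```python
"""Build a per-hour usage baseline and flag readings that deviate from it (added example)."""
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed readings standing in for a data collector set's output over five normal
# days: (hour_of_day, bytes_per_second). Values are invented for the example.
BASELINE_SAMPLES: List[Tuple[int, float]] = [
    (9, 1200), (9, 1300), (9, 1250), (9, 1100), (9, 1350),   # morning: busy
    (13, 800), (13, 900), (13, 850), (13, 950), (13, 750),   # lunch: moderate
    (2, 50), (2, 60), (2, 40), (2, 55), (2, 45),             # night: near idle
]

# Constructed readings from a later day to be checked against the baseline.
OBSERVATIONS: List[Tuple[int, float]] = [
    (9, 1260),   # normal morning load
    (9, 1600),   # well above the morning baseline
    (2, 48),     # normal night-time idle
    (2, 900),    # night-time transfer far above baseline: worth a look
    (13, 100),   # far below lunch baseline: an outage or a dead link is also abnormal
    (20, 500),   # no baseline was ever collected for this hour
]


def build_baseline(samples: List[Tuple[int, float]]) -> Dict[int, Tuple[float, float]]:
    """Return {hour: (mean, population_stdev)} from the normal-period readings."""
    by_hour: Dict[int, List[float]] = defaultdict(list)
    for hour, value in samples:
        by_hour[hour].append(value)
    return {h: (statistics.mean(v), statistics.pstdev(v)) for h, v in by_hour.items()}


def check_against_baseline(baseline: Dict[int, Tuple[float, float]],
                           observations: List[Tuple[int, float]],
                           sigma: float = 3.0,
                           min_tolerance: float = 0.0) -> List[Tuple[int, float, str]]:
    """Return (hour, value, reason) for each reading outside mean +/- sigma*stdev.
    min_tolerance widens a zero-variance baseline so it does not alert on trivial noise."""
    alerts: List[Tuple[int, float, str]] = []
    for hour, value in observations:
        if hour not in baseline:
            alerts.append((hour, value, "no baseline for this hour"))
            continue
        mean, stdev = baseline[hour]
        tolerance = max(sigma * stdev, min_tolerance)
        if value > mean + tolerance:
            alerts.append((hour, value, f"above baseline {mean:.0f} +/- {tolerance:.0f}"))
        elif value < mean - tolerance:
            alerts.append((hour, value, f"below baseline {mean:.0f} +/- {tolerance:.0f}"))
    return alerts


if __name__ == "__main__":
    base = build_baseline(BASELINE_SAMPLES)
    for hour, (mean, stdev) in sorted(base.items()):
        print(f"hour {hour:02d}: mean {mean:.0f}, stdev {stdev:.1f}")
    for hour, value, reason in check_against_baseline(base, OBSERVATIONS):
        print(f"ALERT hour {hour:02d} value {value}: {reason}")
```

Two points the readings are chosen to make: a reading is compared with the baseline for its own hour, so 900 bytes per second is unremarkable at 13:00 and an alert at 02:00; and a reading far below the baseline is reported as well, because a usage audit is looking for anything that differs from normal, not only for spikes. Readings taken during an incident, or during a known abnormal period, should be kept out of the samples that build the baseline, or the baseline itself learns the abnormal level.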