1. List the five steps of the hacking process.
Answer: The five steps of the hacking process are: Reconnaissance, Scanning, Gaining Access, Maintaining Access and Covering Tracks.
2. To exploit or attack the targeted systems, what can you do as an initial first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan?
Answer: To collect as much information as possible, we must follow the first phase of hacking, that is, Reconnaissance. Sources like Internet searches, social engineering, dumpster diving, and non-intrusive external or internal network scanning are used to learn as much as possible about the target system and how it operates, allowing potential attackers to strategize their attack.
3. What applications and tools can be used to perform this initial reconnaissance and probing step?
Answer: Open Source Intelligence (OSINT) tools provide sensitive information via various routes. Employee records are accessed to extract information like DNS records, IP address information, internal phone numbers, email addresses, etc., helping the attacker gain an overall picture of the organization's potential soft spots. Some of these tools include Passive Recon, Maltego, Shodan, Metagoofil and GHDB (Google Hacking Database).
4. How can social engineering be used to gather information or data about the organization’s IT infrastructure?
Answer: Social engineering is one of the major avenues through which information about an organization can be leaked or revealed unintentionally. Employees are often easily tricked into providing tidbits of information about the organization through phony emails, phishing and baiting. A social engineer is one who smooth-talks people into revealing sensitive information such as unlisted phone numbers and passwords.
5. What does the enumeration step of the five-step hacking process entail and how is it vital to the hacker’s objective?
Answer: Enumeration is the next process after scanning. Here the process of gathering and compiling usernames, machine names, network resource shares and other system vulnerabilities takes place. It is vital to the hacker's objective in identifying user accounts or less protected system resources for hacking and connecting to computers in the targeted network in order to gain more information through directed queries.
6. Explain how an attacker will avoid being detected following a successful penetration attack.
Answer: Usually after a successful penetration attack, the logical thing for the attacker to do is to cover his tracks and destroy any evidence left behind. This includes:
- Eliminating traces, such as editing and clearing security logs, compromising the system log server and replacing the system files with similar nested files
- Developing a disguise by creating phony legitimate accounts on the compromised server
7. What method does an attacker use to regain access to an already penetrated system?
Answer: To regain access to an already penetrated system, the attacker must set up a backdoor to avoid setting off sensors for the same exploits again and again. A backdoor can be a Trojan (SubSeven, NetBus) or the creation of phony legitimate accounts.
8. As a security professional, you have been asked to perform an intrusive penetration test, which involves cracking into the organization’s WLAN. While performing this task, you are able to retrieve the authentication key. Should you use this and continue testing, or stop here and report your findings to the client? Explain your answer.
Answer: If a security professional who has been asked to perform an intrusive penetration test is able to retrieve the authentication key, it is the first sign that the organization’s WLAN security is not as sound as it is supposed to be. The professional must stop and report these findings to the client to avoid any legal ramifications, unless he is authorized to continue by his contract with the client.
9. Which NIST standards document encompasses security testing and penetration testing?
Answer: NIST SP 800-42, Guideline on Network Security Testing.
10. According to the NIST document, what are the four phases of penetration testing?
Answer: The four phases of penetration testing are Planning, Discovery, Attack and Reporting.
11. Why would an organization want to conduct an internal penetration test?
Answer: The organization would want to conduct an internal penetration test to determine the extent to which it is vulnerable to attacks and imitate the actions of an attacker who has access to the system.
12. What constitutes a situation in which a penetration tester should not compromise or access a system as part of a controlled penetration test?
Answer: The penetration tester must adhere to the terms and conditions that are outlined in the contract with the client and should not perform any actions or penetrate areas outside the scope of that contract, as doing so may lead to legal ramifications.
13. Why would an organization hire an outside consulting firm to perform an intrusive penetration test without the IT department’s knowledge?
Answer: To test the true response of the security team in the event of an actual incident, gauge their reactions and make any improvements, if necessary.
14. How does a Web application penetration test differ from a network penetration test?
Answer: Web application penetration test: looks for security vulnerabilities in the web application itself, that is, the programs deployed and installed on the target environment.
Network penetration test: tests the network security and looks for vulnerabilities in the hardware and software devices on the network.
15. Explain both the information systems security practitioner and hacker perspectives for performing a penetration test.
Answer: The basis for difference in the perspectives of an ISS practitioner and hacker is the goal behind performing the penetration test. An ISS practitioner does it to protect his organization against attacks to the best of his knowledge, while a hacker does it for his own personal motives.