When it comes to hacking, ethical or not, many of us imagine a dark room with monitors and a bespectacled professional with red eyes from constant sleep deprivation.
Can only a professional geek really hack a system, and is it really necessary to involve only such experts in order to test the security of your systems? Is it possible to equip a competent IT specialist with hacker tools and a logical methodology and get a high-quality result?
During a penetration test, a security tester acts like a real hacker: he finds the vulnerabilities that are easiest to exploit, exploits them, and gains access to the information he needs. Typically, the goal is the need to gain administrative access or access to specific information (for example, data on the salaries of top managers).
The key feature of penetration testing is that not all available vulnerabilities are searched, but only those that are necessary to achieve the selected goals (as in the case of a real hack). Since there is combat exploitation of vulnerabilities, negative consequences are possible in the form of frozen services, server reboots, and headaches for system administrators.
Scanning for vulnerabilities
Imagine that you decide to hack a website with your bare hands. What will you do? First of all, try to determine the version of the web server and/or CMS system you are using. What for? In order to “google” and find information about already known vulnerabilities and available exploits. This is what the attackers did 15 years ago, and they are doing the same now.
This process can be automated, which has been done by numerous developers of security analysis tools: vulnerability scanners have appeared. Of course, scanners do not use Google but search for information about vulnerabilities in their own database.
Vulnerability scanning allows you to quickly “shovel” the IT infrastructure and finds problem areas. But the scanner operates in a linear fashion and can miss interesting combinations of vulnerabilities that combine to create a serious security hole.
Security Testing Objectives
Increasingly, security testing customers are voicing the following two goals: to identify the maximum number of real vulnerabilities in order to quickly close them and check the vigilance of company employees.
To achieve the set goals, it is impossible to conduct full testing using only one of the considered approaches. It is useless to cover all available vulnerabilities with a pure penetration test, limiting ourselves to scanning for vulnerabilities. Because it will find a large number of garbage detections, and errors in settings discovered during configuration analysis will not always lead to a real penetration opportunity.
Comprehensive security testing
To form an approach to comprehensive security testing, it is advisable to take the sequence of actions of attackers and add the use of effective tools that real hackers cannot afford due to their unmasking features.
We divide the security testing process into the following stages in accordance with the stages of real hacking:
- Searching for targets;
- Searching for vulnerabilities;
- Expansion of privileges and zones of influence.
Free Ethical Hacker Toolkit
There are several hundred utilities for real hacking and penetration testing. However, to fully test security, you need to use several tools. The undisputed leader among such tools “in one box” is the Kali Linux build.