LPTv4 Module 44 Penetration Testing Report Analysis_NoRestriction
ECSA/LPT
EC-Council Module XXXXIV
Penetration Testing Report Analysis
Your pen-test team has completed the onsite technical evaluation of your client, and now it’s time to review all the information you gathered.
Conduct a team meeting with your peers and analyze the output from the tests you conducted.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Report on Penetration Testing
Divide the reports into sections as follows:
• Network test reports.
• Client-side test reports.
• Web application test reports.
Common structure for a penetration report includes:
• Executive summary.
• Management summary.
• Technical summary.
Pen-Test Team Meeting
Set up the agenda for the meeting
Bring up questions about your findings
Assign work on the sections of the findings to individual members
Create an action plan and deadlines
Consult any additional expertise that might be needed
Research Analysis
Research the vulnerabilities you have found and discover the latest fix or patch for each vulnerability.
Extensive research must be conducted for each vulnerability.
Simply saying "vulnerability found in X module" is not enough.
Pen-Test Findings
Findings are security issues that you uncovered during your penetration testing.
Findings are categorized as:
• High.
• Medium.
• Low.
Rating Findings
High criticality findings:
• Loss could result in the unauthorized release of information that could have a significant impact on the organization’s mission or financial assets or result in loss of life.
Medium criticality findings:
• Loss could result in the unauthorized release of information that could have an impact on the organization’s mission or financial assets or result in harm to an individual.
Low criticality findings:
• Loss could result in the unauthorized release of information that could have some degree of impact on the organization’s mission or financial assets or result in harm to an individual.
Example of Finding - I
Finding: SNMP set public community
Finding ID #: 1
CVE/CAN: CAN-1999-0517
Category: Identification and Authentication (External Exposure)
Location: 10.0.0.4
Severity: High
Discussion:
The SNMP default public community name is specified, allowing anyone to change the computer’s system information if they use this default value. An attacker can use SNMP to obtain valuable information about the system, such as information on network devices and current open connections. In this case, the ability exists to actually change information, because the SNMP Set password is set to Public.
Recommendations:
Option 1: If the SNMP Service is not necessary, disable or remove it.
Option 2: If your organization requires the use of the SNMP Service, you should take steps to secure the SNMP community names and the community strings.
Example of Finding - II
Finding: Telnet default account accessible
Finding ID #: 2
CVE/CAN: No common corresponding vulnerability
Category: Technical Finding (System Boundary)
Location: 10.0.0.4
Severity: High
Discussion:
An accessible default account was detected through Telnet. Default accounts through Telnet allow attackers easy access to remote systems by providing a network-accessible service on the server or printer.
Recommendations:
Option 1: Disable the Telnet account/service on each network.
Option 2: Change the password for the account to something difficult to guess.
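The two findings above follow one fixed layout (Finding, Finding ID #, CVE/CAN, Category, Location, Severity, Discussion, Recommendations), and the earlier slides say which report section a finding belongs to, how it is rated, and that a bare "vulnerability found in X module" is not enough. The following Python is an added example, not EC-Council's or the module's own code: it models a finding with exactly those fields, checks it against those rules before it goes into the report, renders it in the same layout, and groups finding IDs by severity for the technical summary. The class and function names, the minimum-discussion-length threshold, and the CVE/CAN identifier pattern are this example's own assumptions; the two sample findings are the module's examples typed in as constructed data.

```python
"""Structured pen-test findings in the module's report layout (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from enum import Enum


class Severity(Enum):
    """Finding categories from the 'Pen-Test Findings' slide."""
    HIGH = "High"
    MEDIUM = "Medium"
    LOW = "Low"


class Section(Enum):
    """Report sections from the 'Report on Penetration Testing' slide."""
    NETWORK = "Network test reports"
    CLIENT_SIDE = "Client-side test reports"
    WEB_APP = "Web application test reports"


# Wording of the module's own criticality definitions, kept with the rating.
SEVERITY_CRITERIA = {
    Severity.HIGH: "significant impact on mission or financial assets, or loss of life",
    Severity.MEDIUM: "impact on mission or financial assets, or harm to an individual",
    Severity.LOW: "some degree of impact on mission or financial assets, or harm to an individual",
}

# Assumptions of this example: the exact phrase used when no CVE exists, the
# identifier pattern accepted in the CVE/CAN field, and a minimum discussion length.
NO_CVE = "No common corresponding vulnerability"
CVE_RE = re.compile(r"^(CVE|CAN)-\d{4}-\d{4,}$")
MIN_DISCUSSION_WORDS = 20


@dataclass
class Finding:
    title: str
    finding_id: int
    cve: str
    category: str
    location: str
    severity: Severity
    discussion: str
    recommendations: list[str]
    section: Section = Section.NETWORK

    def validate(self) -> list[str]:
        """Return problems that would block this finding from the report; [] means ready."""
        problems: list[str] = []
        if not self.title.strip():
            problems.append("missing title")
        if self.cve != NO_CVE and not CVE_RE.match(self.cve):
            problems.append(f"CVE/CAN {self.cve!r} is neither an identifier nor {NO_CVE!r}")
        if len(self.discussion.split()) < MIN_DISCUSSION_WORDS:
            problems.append("discussion too thin: 'vulnerability found in X module' is not enough")
        if not self.recommendations:
            problems.append("no recommendation (latest fix or patch) given")
        return problems

    def render(self) -> str:
        """Render in the module's finding layout; recommendations become numbered options."""
        lines = [
            f"Finding: {self.title}",
            f"Finding ID #: {self.finding_id}",
            f"CVE/CAN: {self.cve}",
            f"Category: {self.category}",
            f"Location: {self.location}",
            f"Severity: {self.severity.value}",
            "Discussion:",
            self.discussion,
            "Recommendations:",
        ]
        lines += [f"Option {i}: {r}" for i, r in enumerate(self.recommendations, 1)]
        return "\n".join(lines)


def technical_summary(findings: list[Finding]) -> dict[str, list[int]]:
    """Group finding IDs by severity, highest first, for the technical summary."""
    order = [Severity.HIGH, Severity.MEDIUM, Severity.LOW]
    summary: dict[str, list[int]] = {s.value: [] for s in order}
    for f in sorted(findings, key=lambda f: (order.index(f.severity), f.finding_id)):
        summary[f.severity.value].append(f.finding_id)
    return summary


# Constructed sample data: the module's two example findings, entered as records.
SAMPLE_FINDINGS = [
    Finding(
        "SNMP set public community", 1, "CAN-1999-0517",
        "Identification and Authentication (External Exposure)", "10.0.0.4", Severity.HIGH,
        "The SNMP default public community name is specified, allowing anyone to change the "
        "computer's system information if they use this default value. An attacker can use SNMP "
        "to obtain valuable information about the system, such as information on network devices "
        "and current open connections. In this case, the ability exists to actually change "
        "information, because the SNMP Set password is set to Public.",
        ["If the SNMP Service is not necessary, disable or remove it.",
         "If your organization requires the use of the SNMP Service, you should take steps to "
         "secure the SNMP community names and the community strings."],
    ),
    Finding(
        "Telnet default account accessible", 2, NO_CVE,
        "Technical Finding (System Boundary)", "10.0.0.4", Severity.HIGH,
        "An accessible default account was detected through Telnet. Default accounts through "
        "Telnet allow attackers easy access to remote systems by providing a network-accessible "
        "service on the server or printer.",
        ["Disable the Telnet account/service on each network.",
         "Change the password for the account to something difficult to guess."],
    ),
]

if __name__ == "__main__":
    for finding in SAMPLE_FINDINGS:
        print(finding.render(), "\n", "problems:", finding.validate(), "\n", sep="")
    print(technical_summary(SAMPLE_FINDINGS))
```

Running the block validates and prints both sample findings and then the severity grouping; a finding whose discussion is only a one-liner or whose CVE/CAN field is neither an identifier nor the module's "No common corresponding vulnerability" phrase is reported as not report-ready, which is the check the "Research Analysis" slide asks the team to make before the final report.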
Analyze
Repeatedly analyze your findings.
This will be critical in preparing your final report.