
e-Security Series (Penetration Tests)

Demystifying Penetration Tests – Attack Vectors (Part 2 of 4)

Santosh Satam

A penetration test is a controlled attempt at penetrating a computer system or network from “outside” in order to detect vulnerabilities. It employs the same or similar techniques to those used in a genuine attack. This article aims to provide a structured approach to penetration testing that makes such tests efficient and focused. It is also designed to assist decision-makers in private and public entities who are planning to commission a penetration test with their selection criteria.

Attack Vectors

Network Attacks

Identifying ways to penetrate the network through Internet facing hosts is a natural starting point for most hackers. The range of methods employed is considerable. These can include:

  • Scanning for known vulnerabilities
  • Password cracking brute force attacks
  • Attempts to bypass access control lists
  • Network eavesdropping
  • Trojan attacks
  • Exploitation of buffer overflows
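Several of the vectors listed above (brute-force password attacks in particular) leave a clear trail in authentication logs, and a penetration tester will expect the target to notice them. The script below is an added example, not part of the original article: it parses constructed sshd-style log lines (the hostnames, usernames and addresses are made up) and flags any source address that produces a threshold number of failed logins inside a sliding time window, which is the basic logic behind brute-force detection rules in most monitoring tools.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in sshd syslog format (not from the article).
# 203.0.113.7 hammers several accounts in seconds; 198.51.100.4 is a normal
# user who mistypes once and then logs in.
SAMPLE_LOG = """\
Mar 10 09:12:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:12:03 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar 10 09:12:04 host1 sshd[2205]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 09:12:06 host1 sshd[2207]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar 10 09:12:08 host1 sshd[2209]: Failed password for oracle from 203.0.113.7 port 51030 ssh2
Mar 10 09:12:09 host1 sshd[2211]: Failed password for oracle from 203.0.113.7 port 51032 ssh2
Mar 10 09:15:40 host1 sshd[2250]: Failed password for alice from 198.51.100.4 port 40012 ssh2
Mar 10 09:15:55 host1 sshd[2252]: Accepted password for alice from 198.51.100.4 port 40014 ssh2
Mar 10 09:30:01 host1 sshd[2300]: Failed password for root from 203.0.113.7 port 51100 ssh2
"""

# Matches only failed-login lines; "invalid user" is optional because sshd
# prints it for accounts that do not exist on the host.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(log_text, year=2024):
    """Yield (timestamp, username, source_ip) for each failed-login line.

    Syslog lines carry no year, so one is supplied (assumption for the example).
    """
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: (max_failures_in_window, sorted_usernames)} for every
    source that produced at least `threshold` failures within any window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        best, best_users, start = 0, set(), 0
        # Sliding window: advance `start` until the window fits, then count.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count > best:
                best = count
                best_users = {u for _, u in events[start:end + 1]}
        if best >= threshold:
            alerts[ip] = (best, sorted(best_users))
    return alerts


if __name__ == "__main__":
    for ip, (count, users) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} failures within 1 minute against {users}")
```

The threshold and window are the two knobs a defender tunes: a low threshold over a short window catches the fast, scripted attack shown here, while a longer window is needed to see a slow attack that spaces attempts out to stay under per-minute limits. The single failure from the legitimate user never approaches the threshold and produces no alert.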

Web Application Attacks

It is increasingly recognized that web applications are often an ‘open window’ into the IT infrastructure of many organizations. This is because few web applications are developed with security in mind, and very few developers understand web application security techniques. Hackers will therefore attack these applications as an end in itself (e.g. to perpetrate fraud via an insecure financial service application) or seek to use the web application as a soft entry point into other internal systems.

Web application attacks will typically involve one or more of the following:

  • SQL injection
  • Cross site scripting attacks
  • Exploitation of authentication, access control and authorization issues
  • Exploitation of session management problems
  • Exploitation of web server configuration issues
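The first item in the list, SQL injection, is the clearest illustration of why an application "developed without security in mind" becomes an entry point. The following added example (not code from the article) places a vulnerable login query beside its hardened form, using Python's built-in sqlite3 module and a constructed in-memory users table. The vulnerable function splices user input directly into the SQL text, so input containing quote characters changes the statement's logic; the hardened function binds the same input as parameters, so the database treats it purely as data. The plaintext password column is a simplification to keep the focus on the query; a real application stores password hashes.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed rows; plaintext passwords only to keep the example short.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: whatever the user types becomes part of the SQL.

    With a password of  ' OR '1'='1  the WHERE clause becomes
        username = 'alice' AND password = '' OR '1'='1'
    which is true for every row, so the check is bypassed.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Parameterised query: the statement text is fixed and the inputs are
    bound as values, so quote characters in the input cannot alter the logic."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def compare(username, password):
    """Run the same credentials through both versions and report the outcome."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "hardened": login_hardened(conn, username, password),
    }


if __name__ == "__main__":
    print("valid credentials :", compare("alice", "correct horse"))
    print("wrong password    :", compare("alice", "wrong"))
    print("injected input    :", compare("alice", "' OR '1'='1"))
```

Running the block shows both versions accepting the correct password and rejecting a wrong one; only the vulnerable version returns a user for the injected input. A code review or penetration test that finds string-built queries anywhere in the application should treat every one of them as this kind of open window, since the fix (parameter binding) is the same regardless of which query the tester happened to exercise.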

Wireless Attacks

A large number of companies who have been diligent in establishing a secure traditional wire line infrastructure suddenly throw caution to the wind when they roll out wireless networks. If a hacker knows that your company uses wireless technology, the hacker will almost certainly attempt to break your security through the wireless network, using techniques such as:

  • Locating or establishing an unauthorized wireless access point
  • Eavesdropping and exploiting weaknesses in network encryption
  • Exploiting weaknesses in network access control

Social Engineering

Hackers use a wide variety of social engineering techniques in an attempt to covertly elicit from staff passwords and other information that may assist an attack.

The methods used are many and various, but frequently involve telephoning a junior employee, posing as a member of the IT department and requesting that person’s user ID and password so as to perform some remote diagnostic tests.

Physical Security Attacks

Hackers are aware that whilst most organizations have invested heavily in logical security infrastructure, this is frequently undermined by holes in physical security. Hackers will therefore often attempt to breach the physical security of a site through a number of techniques, which can include:

  • Stealing laptops
  • Obtaining access to a building through false pretenses (posing as maintenance staff, etc.) and
    ・ stealing assets containing confidential data; or
    ・ furtively setting up a rogue wireless access point; or
    ・ looking out for passwords and user names written down on pieces of paper
  • Exploiting weaknesses in building access control devices to gain after-hours access or access to data centers.

Telephony Systems Attacks

Telephonic communication systems and computer systems are highly integrated these days, and in many companies, practically indistinguishable from one another. Not surprisingly, hackers can and do use weaknesses in telephony systems to break into company networks. Techniques used by hackers include:

  • War dialing (for the identification of remote access points)
  • Attacking remote access port vulnerabilities
  • Brute force attacks (for gaining access to remote access ports)
  • PABX attacks (modifying PABX settings to reroute calls)

The Compromise

In an ideal world, any penetration test would include all these attacks, since a real hacker is likely to try all of them (depending on what they are trying to achieve). However, this would make the cost of a penetration test prohibitive. An intelligent compromise must be reached when defining the scope of penetration testing. This is considered further in The Cost Dimension in the next part in this series of articles.

The important thing to note at this stage is that a penetration test will only make your organization more secure if the tester uses the same techniques that a black hat hacker is likely to use on your organization.
