商品簡介
CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits details the methodologies, framework, and unwritten conventions penetration tests should cover to provide the most value to your organization and your customers. Discussing the process from both a consultative and technical perspective, it provides an overview of the common tools and exploits used by attackers along with the rationale for why they are used.
From the first meeting to accepting the deliverables and knowing what to do with the results, James Tiller explains what to expect from all phases of the testing life cycle. He describes how to set test expectations and how to identify a good test from a bad one. He introduces the business characteristics of testing, the imposed and inherent limitations, and describes how to deal with those limitations.
The book outlines a framework for protecting confidential information and security professionals during testing. It covers social engineering and explains how to tune the plethora of options to best use this investigative tool within your own environment.
Ideal for senior security management and anyone else responsible for ensuring a sound security posture, this reference depicts a wide range of possible attack scenarios. It illustrates the complete cycle of attack from the hacker’s perspective and presents a comprehensive framework to help you meet the objectives of penetration testing—including deliverables and the final report.
作者簡介
James S. Tiller is the Vice-President of Security Professional Services, North American BT Global Services.
目次
Getting StartedAudienceHow to Use This BookSetting the StagePerspectives of ValueWhere Does Penetration Testing Fit?What Constitutes a Success?A Quick Look BackHacking Impacts Resources Information Time Brand and ReputationThe Hacker Types of Hackers Script Kiddies Independent Hackers Organized HackersSociologyMotivesThe FrameworkPlanning the TestSound OperationsReconnaissanceEnumerationVulnerability AnalysisExploitationFinal AnalysisDeliverableIntegrationThe Business PerspectiveBusiness ObjectivesPrevious Test Results Building a RoadmapBusiness Challenges Security Drivers Increasing Network Complexity Ensuring Corporate Value Lower Management Investment Business Consolidation Mobile Workforce Government Regulations and Standards Why Have the Test? Proof of Issue Limited Staffing and Capability Third-Party PerspectiveIt Is All about Perspective Overall Expectations How Deep Is Deep Enough? One-Hole Wonder Today’s Hole
Planning for a Controlled AttackInherent Limitations Time Money Determination Legal Restrictions EthicsImposed LimitationsTiming Is EverythingAttack TypeSource PointRequired Knowledge Timing of Information Internet Web Authenticated Application Service Direct AccessMultiphased Attacks Parallel Shared Parallel Isolated Series Shared Series Isolated Value of Multiphase Testing Employing Multiphased TestsTeaming and Attack Structure Red Team Vulnerability Explanation Testing Focus Mitigation White Team Piggyback Attacks Reverse Impact Detection Blue Team Incident Response Vulnerability Impact Counterattack Team CommunicationsEngagement PlannerThe Right Security Consultant Technologists Architects EthicsThe TesterLogistics Agreements Downtime Issues System and Data Integrity Get Out of Jail Free Card Intermediates Partners Customers Service Providers Law Enforcement
Preparing for a HackTechnical Preparation Attacking System Operating System Tools Data Management and Protection Attacking Network Attacking Network ArchitectureManaging the Engagement Project Initiation Identify Sponsors Building the Teams Schedule and Milestones Tracking Escalation Customer ApprovalDuring the Project Status Reports Scope Management Deliverable ReviewConcluding the Engagement
ReconnaissanceSocial Engineering E-Mail Value Controlling Depth Help Desk Fraud Value Controlling Depth Prowling and Surfing Internal Relations and Collaboration Corporate Identity AssumptionPhysical Security Observation Dumpster Diving TheftInternet Reconnaissance General Information Web Sites Social NetworkingEnumerationEnumeration Techniques Connection Scanning SYN Scanning FIN Scanning Fragment Scanning TCP Reverse IDENT Scanning FTP Bounce Scanning UDP Scanning ACK ScanningSoft ObjectiveLooking Around or Attack?Elements of Enumeration Account Data Architecture Operating Systems Wireless Networks Applications Custom ApplicationsPreparing for the Next Phase
Vulnerability AnalysisWeighing the VulnerabilitySource Points Obtained Data The Internet Vendors Alerts Service PacksReporting Dilemma
ExploitationIntuitive TestingEvasionThreads and Groups Threads GroupsOperating Systems Windows UNIXPassword CrackersRootkitsApplications Web Applications Distributed Applications Customer ApplicationsWardialingNetwork Perimeter Network NodesServices and Areas of Concern Services Services Started by Default Windows Ports Null Connection Remote Procedure Call (RPC) Simple Network Management Protocol (SNMP) Berkeley Internet Name Domain (BIND) Common Gateway Interface (CGI) Cleartext Services Network File System (NFS) Domain Name Service (DNS) File and Directory Permissions FTP and Telnet Internet Control Message Protocol (ICMP) IMAP and POP Network Architecture
The DeliverableFinal AnalysisPotential AnalysisThe Document Executive Summary Present Findings Planning and Operations Vulnerability Ranking Process Mapping Recommendations Exceptions and Limitations Final Analysis ConclusionOverall StructureAligning Findings Technical Measurement Severity Exposure Business Measurement Cost RiskPresentation Remedial Tactical Strategic
Integrating the ResultsIntegration SummaryMitigation Test Pilot Implement ValidateDefense Planning Architecture Review Architecture Review Structure Awareness Training Awareness ProgramIncident Management Building a Team People Mission Constituency Organizational Structure Defining Services and Quality CERT FormsSecurity Policy Data Classification Organizational SecurityConclusion
Index
