In this small series I would like to give a short introduction to the theoretical procedure of penetration tests.
This series is divided into the following contributions:
#1 What is penetration testing, protection goals, offender profiles
#2 Classification of penetration tests
#3 Penetration test phases
#4 Evaluation of vulnerabilities
This series is not complete and is only intended to give a rough overview. If you have open questions about a topic, I will be happy to answer them in the comments or write another post!
I have already published this article in German and would like to make it available to my English-speaking readers.
A penetration test is a security analysis of computer systems.
The penetration tester uses the methods, tools and tactics of a malicious attacker [p.2 f.].[1].
The goal is to uncover security holes to close them before a malicious attacker can exploit these vulnerabilities.
Furthermore, the vulnerability of systems will be demonstrated to gain management attention and support for new security programs [p.xiii][2]. A penetration test can also help you decide what to use your security budget for.
Points of attack can be network coupling elements, servers, telecommunication systems, web applications, clients or infrastructure facilities [p.5][3].
Protection goals of information security
Within the scope of a penetration test, weak points regarding protection goals of information security are to be identified and evaluated.
The basic protection goals are explained below.
Confidentiality
Confidentiality is understood as the exclusive right of authorized persons to certain information. Confidentiality can be achieved through authorization concepts and encryption [p.4][1].
Integrity
Information may not be changed at any time by unauthorized persons. If this is the case, it should be recognizable that a change has been made. This protection goal is achieved by hash functions and cryptographic signatures.
Availability
Availability means that access to information is guaranteed. The availability is often indicated by a percentage that represents the time in which the corresponding information can be viewed.
Offender profiles
To categorize attackers of computer systems according to their level of knowledge and intention, [p.3][1] distinguishes the following types:
Script Kiddies
These are attackers with little technical understanding and knowledge. They often use scripts that are already available online. The scripts are executed out of curiosity without customizing them.
White hat hacker
A white hat hacker is an attacker who uses successful attacks and discovered vulnerabilities exclusively to inform the manufacturers and those affected. Penetration testers can be assigned to this category.
Black hat hacker
Attackers of this kind deliberately penetrate other systems in order to obtain confidential information or delete data. Financial enrichment is often the motive of these perpetrators. [p.6][3] additionally defines the term insider, which as former employees use internal company information to attack.
Grey hat hacker
As @thoughtfulonion mentioned in my german post, there are gradations between black- and white-hat-hackers. The greyhat breaks into other systems without permission, similar to the Black Hat hacker, but without the intention to do damage, but to draw attention to the vulnerability.
Cyberterrorists
Cyberterrorists are attacking systems to do maximum damage. Unlike Black Hat hackers, the intrusion is often not disguised and the procedure is classified as very aggressive.
Sources
Thank you for reading !