Hack I.T. – Security Through Penetration Testing
Authors: T. J. Klevinsky, Scott Laliberte and Ajay Gupta
Available for download is chapter 5 entitled “Internet Penetration”.
Penetration testing is one of the more mysterious activities everyone seems to talk about, but few know the entire scope it deals with, thus misleading those unfamiliar with it. But, basically, it’s only about one thing – trying to break into systems, with the focus set on locating vulnerabilities and holes. The scope is to get rid of them (instead of abusing them), improving the overall security of the system in question. Many questions arise during preparation and the actual process of testing, and that’s where this books comes in handy. Designed to educate personnel, and lead them through the process, it tries to meet many questions that may come up. But, enough of the introductory phrases, let’s skip further down the road, and see what does it bring us.
The nmap -P0 gave us the following:
Hack I.T. is written by three authors, namely T. J. Klevinsky, S. Laliberte and A. Gupta. All three of them work for Ernst & Young’s Security and Technology Solutions practice, where they perform various roles, while staying in the security field of expertise. They managed various penetration tests for Fortune 500 companies, and are all respective teachers in their own areas. So, sounds like a good start for a book of such topic. Regardless of the titles and jobs the authors currently occupy, lets focus on the book itself, and see what to make of it.
I.T. spreads on some 500 pages of text, and a complimentary CD-ROM, bundled with various security software, but I’ll deal with that one later. The book is neatly organised into 4 virtual parts, all comprising of many smaller chapters.
And the traceroute results go:
The first part of the book, that includes the first 4 chapters, deals more with clarifying what exactly a penetration tester does and provides some guidelines to define them and what motivates them. Of course, what kind of a security related book would it be, if it were not to mention the term ‘hacker’ and define it? Chapters 1 and 2 fit into these shoes perfectly. Next, requirements for a tester are discussed along with its toolkit, skill level and most of all, ethics. And then, out of nowhere, the really interesting part hits you right between the eyes: Chapter 4: Where the exposures lie. True gore chapter, deals with various issues known services have, from application holes, through CGI’s and buffer overflows to general web server vulnerabilities. Now, that’s a must, providing you aren’t already acquainted with these. If you are, still a sort of general reminder of what lurks out there, waiting to be abused into submission.
And then it gets even better, the second part of the book, comprising of chapters 5 – 10, deals with the fine flesh of it all, penetration testing, from start to end. Various possible penetration tests are dissected here, from bottom up, including the likes of Internet penetration, from it’s simple ping sweeps to the done deal of exploiting a possible treasure chest of a vulnerable host, Dial-in penetration and social engineering. The term so commonly used and loved by the press, although not that interesting like plain ‘hacking’. Typical Unix system services are covered, and their general pitfalls. And finally, to conclude this part, the Tool kit, which slowly, and without a single sound transfers the reader to the third part of the book. If you’re new to, or just plain curious about the topic of penetration testing and auditing, this one is a must, the backbone of the book. Excellent reading material!
Chapters 11 – 16 go further into the software part of your average tool kit, dealing with all sorts of software used by both the white hats, the black hats, and possibly other hats alike. An entire plethora of tools is available, both free and commercial, either by buying it, or by simply downloading it off the internet. It’s sometimes hard for a novice tester to make the right choice, without losing to much precious time. Look no further than here, for all major and commonly used tools are dealt with, from where they can be obtained to their downfalls and benefits. Port mappers, vulnerability scanners, sniffers, password crackers and other utilities, from ping to network/host based vulnerability scanners. Some tools you tried, some you heard of, and some are discussed here for your convenience. Sure, Nessus is a great open source scanner, but perhaps you’re looking for something for the Win2k or other? Save yourself time of browsing the internet, and look here. Perhaps you will find something that suits your needs best. Of course, not every single possible tool is covered, but the most important ones are.
And finally, at the end of the book you’re treated with some more advanced techniques and methods, that include evasion of IDS’s and firewalls, DoS and DDoS attacks, and others. It all ends with a nifty anticipation of future trends, contents of the CDROM, and a list of 20 most critical internet vulnerabilities.
Hmm, I think I heard a ‘what’s on the CDROM?’ question from the back. Well, like you probably guessed it by now, a collection of software you might find useful in your tests, like nmap, visualroute, dsniff, phonesweep, whisker, L0phtcrack, netcat, nessus et al. Sounds unfamiliar? Look in the third part of the book, chapters 11 – 16. 🙂
What do I make of it?
This is a true beginners guide to penetration testing. Some advanced knowledge is required, asides the basic one about networking, and some Unix and Windows concepts. You’ll learn all that you need to, throughout this book, but expect to be ready for some extra reading too. It will guide you through the penetration testing step-by-step, and the tools neccessary for it, but it will not teach you to interpret all results that some of these tools may provide you with. This is the part that the networking and Unix/Windows basic knowledge is useful. But, fear not, some of the techniques are very well documented and explained, proving
to be of great assistance to novice testers.
I will not go more in the subject of knowledge and education, since this is a simple book review, but I can tell you that you can easily gain all the necessary skills with some reading and practice. After all, penetration testing is only about putting you into the other side’s shoes for a moment, and surely you tried already to portscan a host, do a zone transfer, look for the mx record or something like that.
The book is simple to understand, written in a plain manner, and well organized, as can be seen from the contents located few paragraphs above. It does a great job of introducing the reader to penetration testing, from the beginning of the process, and guiding him along ’till the end.
Contents of the accompanying CDROM are good, especially if you don’t have time or means to collect the software by yourself. But, bear in mind that one of the key requirements in penetration testing is being up-to-date.
I can recommend this book to anyone getting interested into penetration testing as a great one to learn from. You should find many answers and clues you need in order to get ready and sink your teeth into some serious testing. Have fun!