1
00:00:00,530 --> 00:00:18,320
Another method of testing the security of your network is to conduct a penetration test. A penetration test is conducted by a team of professionals to simulate an attack on your network, its systems, or its applications. Often, this is called a pen-test. And the idea here is for the team to break into your network, just like a real hacker would.

2
00:00:18,320 --> 00:00:40,210
But how does a penetration test differ from a vulnerability assessment? Well, vulnerability assessments are often conducted as a credentialed scan, where the tool can be provided with a username and password for the systems. This is going to provide you with an inside-out look at your networks, just like a system administrator would see. Now, instead, a pen-test is seeking to look at your networks as an attacker would, from the outside in.

3
00:00:40,210 --> 00:01:17,310
Often, your penetration tests are going to be conducted in the form of a black-box test, where the pen-testers have to hunt for any information that they need in order to be able to penetrate the network's defenses. But some organizations are going to hire pen-testers to perform the assessment as a white-box test instead. This means they'll give them some kind of information about the network, usually IP addresses, the types of servers being run, maybe the software, and sometimes even a basic standard user account. Now, it really depends on how much time and money you want to dedicate to an assessment as to whether you're going to start from scratch and do a black-box assessment or save some time and money by starting with a white-box assessment.

4
00:01:17,310 --> 00:01:46,890
Now, during a penetration test, the simulated attackers are going to bypass your firewalls, find vulnerabilities in your network, and attempt to break through your defenses. After the test is complete, you're going to get a full report provided to the organization so that you can start patching and fixing all of the things they found. These tests can be conducted by a simulated attacker from the command prompt using basic tool sets or solutions, things like Metasploit, CANVAS, and other pen-testing tools. Like a vulnerability assessment, penetration tests are a snapshot in time.

5
00:01:46,890 --> 00:02:04,470
As such, they need to be conducted periodically to determine the true effectiveness of your defenses. A penetration test can also determine if your employees are actually following the sound principles of IT security that you taught them during their annual user training by attempting to trick them with phishing emails and other social engineering attacks.

6
00:02:04,470 --> 00:02:28,260
Penetration tests follow five basic steps. First, you get permission and you document information about the target network. Second, you gather information about the target through reconnaissance. Third, you're going to enumerate the target to identify known vulnerabilities. Fourth, you're going to exploit the network to gain user or privileged access. And fifth, you're going to document all of your results of the pen-test and give that report to the organization.

7
00:02:28,260 --> 00:03:20,580
Now, pen-testers can use a wide variety of techniques and attack methods, just like a real hacker would. A pen-tester is going to attempt to break into the network and gain at least an initial foothold into the network. For example, if I was your pen-tester, I might use a phishing campaign to try to phish your users within your network. If I can get them to click on a link, that might let me access a system as that user. Then, I would want to elevate my permissions up to the administrator level, if I can. If not, I'm going to want to pivot to another user or another workstation. By pivoting, I can continue to spread out across the network and chain my attacks together. This is going to help me to establish persistence as the pen-tester because now I have the ability to maintain my foothold inside your network. Even if that first user account I broke into is figured out and they change the password, I now might have many other accounts throughout your network that I can use and still pivot around the network, finding more vulnerabilities.

8
00:03:20,580 --> 00:03:45,610
While pen-tests often come across from an external network like the internet, you can also run pen-tests from within your network if your organization desires. This would be dependent on the scope of the assessment. For example, if you wanted to assess the damage that an insider threat could perform, you could do this by hiring a pen-tester, having them come into your organization, giving them a standard username and password, and putting them at one of your workstations, and then seeing what kind of damage they could do.

9
00:03:45,610 --> 00:04:26,930
Now, pen-testing is an entire course unto itself. In fact, it's called PenTest+. So, we're not going to cover everything here in this lesson or even in this course. If the idea of being a pen-tester excites you, I recommend you check out the PenTest+ certification from CompTIA as your next course of study once you finish Security+. Whereas Security+ is designed as a fundamental security certification for beginners that gives you a really wide range of ideas of security, PenTest+ is designed for people who have been working in cyber security for at least a year or two. It's considered an intermediate-level certification that's offered by CompTIA, and passing the PenTest+ will automatically renew your Security+ certification for an additional three years, too. So, it's a great second course for you to take.