O'Reilly logo

Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions by Thomas J. Mowbray

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 8

Penetration Testing

Gaining unauthorized system access, controlling systems without authorization, and exfiltrating data are inherently illegal in most jurisdictions. These crimes are analogous to burglary and robbery. Security testing is a professional service that sometimes mimics malicious attackers (also called white hat hacking), in particular during penetration testing (also called pen testing).

To protect yourself from legal consequences as you test systems, you must have clear authorization to conduct testing—a legal agreement, called Rules of Engagement (ROE), signed by you (the tester) and the client executives. Lawyers for both organizations should be involved. If test packets traverse other networks in other countries, you must consider the laws of all jurisdictions traversed.

In Chapter 7 I cover reconnaissance, network/port scanning, policy scanning, fingerprinting, and vulnerability probes. I continue to cover the phases of ethical hacking in this chapter continuing with network penetration, World Wide Web attacks, database attacks, user enumeration, password cracking, and privilege escalation. The final malicious phases are rarely conducted as part of pen testing, but they are very commonplace in the wilds of the Internet; these phases include back doors, rootkits, exfiltration, and abuse. To start, you need an understanding of the types of cyber attacks.

Forms of Cyber Attacks

Cyber-attack techniques are widely discussed and defined on the Internet, with ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required