MicroNugget: How to Do Penetration Testing and Vulnerability Scanning

Video Statistics and Information

Captions
Penetration testing and vulnerability scanning: let's begin. In the world of information security, just like in business, we want to avoid risk. Now what exactly is risk? To understand vulnerability scanning and penetration testing, we probably have to start with risk.

Now, to really understand risk, we have to really take a look at the concept of what is a vulnerability. A vulnerability is like an egg, a raw egg, and the vulnerability for the egg would be its fairly fragile shell. And then I'd like you to imagine a 100-pound weight hanging by a rope over the egg, and under the egg we have concrete. That 100 pounds dangling by a rope would be considered a threat, and if we cut that rope that's holding that weight in place, the weight would fall, meaning the threat would be activated. Gravity would do its work, and when the weight came in contact with the shell, which is our vulnerability, we would have a loss. And that's really what risk is all about: risk is the potential for a threat to compromise, take advantage of, or exploit a vulnerability, resulting in some type of a loss. What is the likelihood of that weight actually falling and destroying the egg? That's what risk is all about.

So in information security we want to mitigate, or lessen, the effectiveness of a threat against our vulnerabilities, and typically what we'll do is implement countermeasures that don't get rid of the threat; they just get rid of the likelihood of that threat being effective against our vulnerability. In our egg example, perhaps our countermeasure is we build a solid steel table that's covering the egg, and if the weight falls, it'll hit the table, which should be built and implemented securely enough so that the egg, with its fragile shell, isn't damaged. And that would be an example of mitigating risks.

Now, one of the secrets of building a fortress of security to protect our information systems is, first of all, to identify what our vulnerabilities are. We could have misconfigurations that are allowing access without any controls in place, for example a technical control of requiring one to log in before getting access to the system. If that was misconfigured and just anyone could connect and get in, that would be a vulnerability. Or if we had ports, for example on end-user machines, that were open, like TCP port 80, which implies that there's a web service waiting and listening on that device, that would in most cases be a vulnerability that an attacker could leverage to get access to the system.

So as a corporation, what we might want to do is periodically do vulnerability scanning. One of my favorite vulnerability scanners is called Nessus, and with a Nessus scan of our environment we can do a credentialed or a non-credentialed scan. A credentialed scan allows the device running Nessus to actually connect to these devices, like Lois's computer right here, and log in, and doing a credentialed vulnerability scan gives the administrator more opportunity to be accurate in what it finds, and also to find out additional information, as opposed to just scanning for open ports by themselves. And if we did do a vulnerability scan and we didn't have the credentials to log in, that would be referred to as a non-credentialed vulnerability scan. The goal of this game is to find out and discover, to be detective in nature, regarding what vulnerabilities do exist on our systems, so that we can then take corrective action to mitigate against threats that might take advantage of those vulnerabilities.

One of the key elements of vulnerability scanning is that it is passive. A vulnerability scan is not going to be injecting malicious software, and it's not going to be bringing a server down when it finds a vulnerability; it's simply a passive, non-aggressive manner of discovering vulnerabilities on a system. Now, it doesn't mean, because it's passive, that we're allowed to go ahead and do scanning of any network that we happen to be on. We'd also want to make sure that we have the proper authorization on any system to do vulnerability scanning. In a corporate environment, an unauthorized device doing a vulnerability scan would be considered aggressive and very likely would be against corporate policy.

Now, while vulnerability scanning is considered passive in nature, not doing any damage to the network or system, on the far opposite scale we have something called penetration testing, which is intended to do harm, because penetration testing is going to do active attacks. So if you and I, for example, were hired as part of a penetration testing team to come in and do pen testing against this network and the system, it's very possible we may start off with some warm-up exercises like vulnerability scanning to find out what vulnerabilities may exist, and then we're going to break out our penetration testing tools, which would go a step further and have the potential to actually compromise the system: maybe take down a server, or install malicious software on that server, or get unauthorized access to an internal system.

One of the reasons a company might consider doing penetration testing is they want to actually verify whether or not their security controls can be bypassed, and if they are, they want to find out before the real attackers start taking advantage of their systems. So we want to actively test controls that are in place, just to make sure they really are secure, to make sure that those countermeasures we've put in place to mitigate risk are doing their jobs. And if the countermeasures are not doing their jobs, penetration testing could result in vulnerabilities that do exist on a system to literally be exploited and taken advantage of by the active penetration tests.

I have had a great time and I'm glad you joined me for this video. I have a few recommendations for you if you'd like to learn more about some of these topics. CBT Nuggets offers a Security+ course, a CISSP course, and a course on certified ethical hacking. There's also a course called Penetration Testing with Linux Tools, which covers a couple of my favorite tool kits, including BackTrack and Kali Linux. So again, thanks for joining me. I hope this has been informative for you, and I'd like to thank you for viewing.
Info
Channel: CBT Nuggets
Views: 53,643
Rating: 4.9207921 out of 5
Keywords: kali linux, penetration testing, ethical hacking, information security, information security analyst, white hat hacker, pen testing, vulnerability scanner, kali linux virtualbox, what is penetration testing, vulnerability assessment, information security training, pen test, information security policy, information security management, information security officer
Id: 4gYYVghLVEY
Length: 5min 51sec (351 seconds)
Published: Wed Apr 09 2014