download free Penetration Testing lab ppt - PowerPoint PPT Presentation

About This Presentation
Description:

Cyber Fox is an EC-Council accredited training center in Madhya Bangalore, and this institute provides the best ethical hacking or CEHv10 training in Bangalore.

Number of Views:39
Slides: 9
Provided by: cyberfoxsecurium
Category: Other


Transcript and Presenter's Notes



1
Network Security
Vulnerability Scanning & Penetration Testing
2
About Us
- Assisted >1 million merchants
- Largest PCI support staff worldwide
- Certified as ASV, PFI, QSA, PA QSA
- Member of PCI Security Standard Council task forces and special interest groups
- Performs on-site auditing, forensic investigations, penetration testing, vulnerability scanning, security consulting, PCI compliance
- Offers network security devices, data discovery software
3
Testing Network Security
93% of large organisations and 76% of small businesses experienced a security breach in 2011 (Information Security Breaches Survey, 2012)
Compromise costs
- Financial penalties
- Average organisational cost 5.5 million (Ponemon Institute, 2012)
- Significant loss of reputation/brand trust
Various ways to test network security
(most thorough)
- Vulnerability scan
- Penetration test
- Anti-virus/malware software
- Appliances (Intrusion Prevention Systems)
- Spyware
4
Vulnerability Scan (VA scan)
An automated, high-level test
Process
- Should be conducted by a company with accreditation (i.e., PCI SSC Approved Scanning Vendor)
- Identifies network weaknesses and ranks how critical they are
- Gives a beginning look at what possibly could be exploited
- Automatic network scans on a quarterly basis
- Report of weaknesses, false positives
- Weaknesses patched on a prioritised basis
- Good VA scan searches for over 50,000 vulnerabilities
Benefits
- Quick, high-level look at possible vulnerabilities
- Very affordable
- Automatic
- Takes a matter of minutes
Limitations
- Sometimes the test falsely classifies an object as a vulnerability (false positive)
- Internal
- Manually check each vulnerability before testing again
5
Penetration Test
An exhaustive, live examination
Process
- Live attempt to exploit vulnerabilities
- Run automatic vulnerability scan
- Follow up on reported vulnerabilities
- Analyst takes on hacker role
- Prove the vulnerability can be exploited
- Internal and external testing
- External: perspective of a hacker over the Internet
- Internal: perspective of someone within the network
- Try to fake passwords, manipulate code, fool web servers into giving sensitive information
- Report findings and recommendations per target
Benefits
- More accurate, thorough than VA scan
- Manual
- Live analyst reviews the logic of the application and determines how to leverage access
- Rules out false positives
Limitations
- Time (1 day to 3 weeks)
- Cost
6
Comparison
Vulnerability Scan
- Automated
- Minutes
- Scheduled
- Passive
- Report false positives
- Programmed
- Identical scans
- N/A
Penetration Test
- Manual
- Days
(main difference)
- Annually (after significant change)
- Aggressive
- Rules out false positives
- Intuitive
- Accurate/thorough
- Exploitation
Both tests work together to encourage optimal network security
7
Conclusion
Computer intrusion was responsible for 83% of the total reported exposed records in 2011 and 1/3 total breaches. (Data Breach Intelligence Report, 2012)

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.
- Bruce Schneier, cryptographer, security expert
8
Contact us
Cyber Fox Technology
Address: 3rd Floor, Lohia Towers, Nirmala Convent Road, Patmata, Distt. Krishna, Vijayawada (India)
Contact Email: info_at_cyberfoxtechnology.org
Mobile: 91-9652038194
Website: http://cyberfoxtechnology.org