20120119

Learn Ethical Hacking Basics Session V


Types of Security Tests

Continued from: Learn Ethical Hacking Basics Session 1, Learn Ethical Hacking Basics Session 2, Learn Ethical Hacking Basics Session 3
Objective: State security testing methodologies

Several different types of security tests can be performed. These can range from those that merely examine policy to those that attempt to hack in from the Internet and mimic the activities of true hackers. These security tests are also known by many names, including:



Vulnerability Testing 
Network Evaluations 
Red Team Exercises 
Penetration Testing 
Host Vulnerability Assessment 
Vulnerability Assessment 
Ethical Hacking 



No matter what the security test is called, it is carried out to make a systematic examination of an organization’s network, policies, and security controls. Its purpose is to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of potential security measures, and confirm the adequacy of such measures after implementation. Security tests fall into one of three types: high-level assessments, network evaluations, and penetration tests. Each is described as follows:



High-level assessments

Also called a level I assessment, it is a top-down look at the organization’s policies, procedures, and guidelines. This type of vulnerability assessment does not include any hands-on testing. The purpose of a top-down assessment is to answer three questions:

Do the applicable policies exist?
Are they being followed?
Is there content sufficient to guard against potential risk?


Network evaluations

Also called a level II assessment, it has all the elements specified in a level I assessment and adds hands-on activities. These include information gathering, scanning, vulnerability assessment scanning, and other hands-on activities. Throughout this book, tools and techniques used to perform this type of assessment are discussed.

Penetration tests

Unlike assessments and evaluations, penetration tests are adversarial in nature. Penetration tests are also referred to as level III assessments. These events typically take on an adversarial role and look to see what the outsider can access and control. Penetration tests are less concerned with policies and procedures and are more focused on finding low-hanging fruit and seeing what a hacker can accomplish on this network.

NOTE 

Just remember that penetration tests are not fully effective if an organization does not have the policies and procedures in place to control security. Without adequate policies and procedures, it’s almost impossible to implement real security. Documented controls are required. 



How do ethical hackers play a role in these tests? That’s the topic of the next section.
