Penetration Testing For Dummies - Robert Shimonski

Скачать книгу

in more depth in Chapter 2.

      I also lay out everything you need to know about security vulnerabilities and introduce you to the tools, techniques, and skills that today’s most elite pen testers use on a daily basis to conduct penetration tests that keep their company’s assets safe.

      The security arena has myriad names applied to anyone who does good or bad security stuff. If you’re new to pen testing, all that can be highly confusing. To clear up any and all confusion on the matter, I dedicate this section to describing the good guys who do pen testing and what roles you might have as a pen tester. (See Chapter 2 for a breakdown of the baddies.)

      The pen tester’s role is to penetrate and to ethically hack to find weaknesses within a company’s IT security program. Securing the weaknesses might be someone else’s responsibility. You may or may not be responsible for making recommendations based on the weaknesses you uncover, but I discuss that task in Chapter 12.

      

You must have permission to conduct penetration testing if you don’t work in the field or for a company hired to conduct it. Even if you’re hired to pen test an organization’s security, you likely still need permission for certain types of pen testing activities. See Chapter 9 for more on that issue.

      Crowdsourced pen testers

      As big data grows as a concept and more and more systems grow in complexity and size, especially as companies move into cloud architecture and outsourced solutions, there is a need to leverage additional resources to stay on top of all the latest risks, issues, and threats. As more and more systems join massive compute models and virtualized systems are used in new architectural models, the global community of good guys (white hat hackers) can bring a wide array of benefits to the table.

      Crowdsourcing is a form of security where pen testing is done via group-based team efforts of enthusiasts (who can also be experts) for the purpose of testing systems managed by enterprises much the same way a constant group may. For example, a crowdsource pen test group may be contacted to run the same types of attacks against you that a consultant may and report on their findings.

      You can find crowdsourcers at sites such as www.hackerone.com. Join and offer your services or find pen testers to help you out with a project.

      In-house security pro

      In-house security operations versus consulting services for hire (which I discuss in the next section) are generally how pen testers work in the field. Large companies and government agencies generally employ in-house operations engineers who conduct pen tests for the business they work for.

      Smaller organizations can’t always afford to keep staff of this kind, and they often don’t have enough work to keep them busy. Sometimes conducting pen tests isn’t a dedicated position but is a task given to a systems administrator, a network engineer, or other IT professional in the organization.

      An in-house employee who’s dedicated to securing the organization’s interests, assets, and reputation is often called a security analyst. This is someone employed full-time by a company, firm, or business (public, private, non-profit, government, military, or otherwise) who is responsible for providing security services. That’s a broad term for what can be a very detailed role requiring a variety of security functions, the skills needed, and the tools that are used.

      Depending on the organization and the exact role, security analysts might have many other names, such as these (not a complete list):

       Chief Information Security Officer (CISO)

       Security architect

       Security engineer

       Security operations staff

       Risk analyst

       Forensics technician

       Security practitioner

      These are obviously more detailed roles within security, but they all work with security, and they all analyze security at some level of degree.

      Security consultant

      You can hire a consultant to conduct a pen test for you or your firm. Consultants are for hire either as independent contractors or as part of firms you can hire. This may save you time and money in the future.

      Consultants at times work for firms that specialize in security or provide security services under a contract. This means that they can scan remotely (externally) or come onsite and scan internally and do more intrusive testing. Either way, consultants allow a smaller organization to retain top talent for a reasonable price and still get the services needed to be current and secure. This route also paves the way for those entering into the field of pen testing an opportunity to gain employment through a company or a contract to conduct security services.

      Professional organizations and vendors both offer industry standard, generalized and specialized certification programs, as well as those based on specific vendor tools. Some of them mix the two.

      For example, one of the biggest and most focused pen testing certifications on the market today is CompTIA’s pentest+ certification. Although it covers general topics on pen testing, it also goes in depth on the tools you use the most. There are also other certifications, such as the CEH (certified ethical hacker certification) and the SANS GIAC Penetration Testing certification (covered in Chapter 16).

      You can also start with general security certifications such as the CompTIA Security+ or the ISC2 CISSP.

      

It would also benefit you to learn how to write and submit reports and present your findings. I cover these topics in detail in Part 4.

      You’re going to need a wide variety of skills throughout your pen testing career, but the biggest (or most important) skills to have are in the realm of networking and general security, which I discuss in this section.

Скачать книгу