Phase 1: Reconnaissance
The black hat uses a variety of sources to learn as much as possible about the target business and how it operates, including:
- Domain name management/search services
- Non-intrusive network scanning
- Service recognition
- Creating a network map
- Recognition of the software in use
Phase 2: Scanning
The objective here is to test for the possibility of a network breach by a trusted source and to determine just how far this source can get if they gain access. A detailed security analysis will be carried out on the servers and network assets that are accessible through the trusted source.
Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning the perimeter and internal network devices looking for weaknesses, including:
- Open ports
- Open services
- Vulnerable applications, including operating systems
- Weak protection of data in transit
- Make and model of each piece of LAN/WAN equipment
Phase 3: Gaining Access
The objective of an External Penetration Test is to determine the possibility of an outsider (untrustworthy source) gaining access into the network through the Internet, and to determine just how far they can get if/once they gain access.
The objective of an Internal Penetration Test is the same as that of an External Penetration Test, except that it applies to those who are part of a trusted source (part of the government network/internal network).
In order to test this, the following steps are performed:
- Initial tests and main penetration test plan creation
- Detailed penetration test of requested components (edge routers, IDS/IPS, firewall, website, related servers and services)
- Vulnerability testing
Phase 4: Writing Documentation
Once all tests are conducted and results are collected, the following set of documents will be presented. This post-incident analysis report will include:
- Executive System Security Report: a high-level overview for management. This report will include recommendations for further development of the System.
- Technical System Security Report: a database of the vulnerabilities detected, their interpretation and proposed countermeasures. The technical report will include lists of audited systems, vulnerabilities detected, data gathered during the project and a proposal of technical solutions that can be used in securing and further developing the System.