Penetration Testing and Network Defense

This chapter presented an introduction to the process of creating a test plan for performing a penetration test. Penetration testing includes the following steps:

1. Reconnaissance

2. Enumeration

3. Gaining access

4. Maintaining access

5. Covering tracks

Before you get started, you should devise a methodical plan for how you will perform your test. You can use the Open-Source Security Testing Methodology Manual (OSSTMM) as a starting guide.

After you finish the test, you construct a report. The report should contain each of the following:

  • Executive Summary

  • Project Scope

  • Results Analysis

  • Summary

  • Appendixes

After you present the report, the next step is to discuss policies. Any vulnerability that exists on an organization's network is there either because the organization is not following its security policies or because an important component is missing from its security policy. You can read more about security policies in Appendix A, "Preparing a Security Policy."
