9781111640125_IM_ch04

Security+ Guide to Network Security Fundamentals


This preview shows page 5 - 8 out of 8 pages.

Penetration Testing
1. Note that unlike a vulnerability scan, penetration testing (sometimes called a pentest) is designed to actually exploit any weaknesses in systems that are vulnerable.
2. Emphasize that instead of using automated software, penetration testing relies upon the skill, knowledge, and cunning of the tester.
3. Explain that the end product of a penetration test is the penetration test report.
4. Discuss the three techniques that a penetration tester can use:
   a. Black box testing
   b. White box testing
   c. Gray box testing

Mitigating and Deterring Attacks
1. Explain that although there are a wide variety of attacks, there are standard techniques that should be used in mitigating and deterring attacks.

Creating a Security Posture
1. Mention that a security posture is an approach, philosophy, or strategy regarding security.
2. Discuss the elements that make up a security posture.
   a. Initial baseline configuration
   b. Continuous security monitoring
   c. Remediation

Configuring Controls
1. Mention that another key to mitigating and deterring attacks is the proper configuration of controls.
2. Discuss the difference between fail-open and fail-safe locks.

Teaching Tip
Explain to students that the purpose of a penetration test is largely political rather than technical.

Security+ Guide to Network Security Fundamentals, Fourth Edition

Hardening
1. Discuss how the purpose of hardening is to eliminate as many security risks as possible and make the system more secure.
2. Identify and discuss the different types of hardening techniques:
   a. Protecting accounts with passwords
   b. Disabling any unnecessary accounts
   c. Disabling all unnecessary services
   d. Protecting management interfaces and applications

Reporting
1. Emphasize that it is important to provide information regarding the events that occur so that action can be taken.

Quick Quiz 2
1. True or False: In a white box test, the tester has no prior knowledge of the network infrastructure that is being tested.
   Answer: False
2. A(n) ____ is an approach, philosophy, or strategy regarding security.
   Answer: security posture
3. A(n) ____ is the standard security checklist against which systems are evaluated for a security posture.
   Answer: baseline
4. The purpose of ____ is to eliminate as many security risks as possible and make the system more secure.
   Answer: hardening

Class Discussion Topics
1. Have students discuss the pros and cons of an organization regularly engaging in penetration testing.
2. Have students discuss the motivation of the ethical hacker.

Teaching Tip
Explain to students the importance of a well-defined incident reporting and incident management process.

Additional Projects
1. Have students research some of the tools that may be used by penetration testers or vulnerability assessment professionals.
2. Have students sketch out the possible components of a software system and discuss the various aspects of the system that may need protecting and why.

Additional Resources
1. Certified Ethical Hacker
2. SANS Penetration Testing Curriculum
3. Vulnerability Assessment Survey
4. Server Hardening Checklist
5.