Ethical Hacking

8. Planning the Scope of a Penetration Test

Penetration Planning

Most actual hacks are carried out after after the information gathering phase. Because this means gathering information available in the public domain, it's step often missed out in pentesting.

Pentesting often begins with the process of scanning and enumeration to identify weaknesses. Scanning with tools identifies the services and open ports running on the target computer. Scanning builds up in stages, stopping when sufficient information is gathered. It begins with stealthy hard to detect scans and slowly steps up to noisy easily detectable scans involving pinging.

Enumeration involves arranging these weaknesses in order according to their chances of success. Knowing the possibilty of success requires some knowledge of the possible exploits that could be used to take advantage of the identified vulnerability.

Matching weaknesses to likely exploits is a vital part of the planning process. The planning process also requires fallback alternatives to try in case the initial attempt fails.

Penetration Planning
Tasks
Stuff
stuff
Stuff
stuff
Stuff
stuff
Stuff
stuff
Content for Accordion Panel 3
You should be able to:-
  • Make the distinction between Data and Information.
  • Provide examples of where data becomes information.
  • Provide examples of personal data.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee