The Basics of Infrastructure Tests

An infrastructure test involves internal computer networks, internet connection, external

devices, and virtualization technology. Let’s discuss these in detail:

Loading...

Internal Infrastructure Tests – Hackers can take advantage of flaws in the internal

security of a network. By testing the internal structure of a target, you will be able

to identify and solve existing weaknesses. You will also prevent the members of the

organization from attacking the structure from the inside.

External Infrastructure Tests – These tests simulate black hat attacks. Because

malicious hackers will attack a network from outside, it’s important to check

whether the external defense mechanisms of that network are strong.

Wireless Network Tests – WiFi technology allows you to connect devices

indirectly. Here, data packets will just travel from one device to another. This

technology offers convenience. However, convenience creates vulnerability.

Hackers may scan for data packets that are being sent in a network. Once

Aircrack-ng, Wireshark, or similar tools obtain these data packets, the network will be

prone to hacking attacks.

A wireless network test allows the white hat hacker to improve the target’s defenses

against wireless attacks. The tester may also use his findings to create guidelines for the

network’s end-users.

Virtualization and Cloud Infrastructure Tests – Storing company-related

information in third-party servers is extremely risky. The hackers may capture the

data as it goes to the “cloud” server. They may also attack the cloud server itself

and access all the information stored there. Because the incident happened outside

the network, tracking the culprits can be extremely difficult.

How to Write a Report

Your efforts will go to waste if you won’t record your results. To become a successful

white hat hacker, you should know how to write good reports. In this part of the book,

you’ll discover important tips, tricks, and techniques in writing reports for penetration

tests.

Main Elements of a Report

Goals – Describe the purpose of your test. You may include the advantages of

penetration testing in this part of the report.

Time – You should include the timestamp of the activities you will perform. This

will give an accurate description of the network’s status. If a problem occurs later

on, the hacker can use the timestamps of his activities to determine the cause of the

issue.

Audience – The report should have a specific audience. For example, you may

address your report to the company’s technical team, IT manager, or CEO.

Classification – You should classify the document since it contains sensitive data.

However, the mode of classification depends on your client.

Distribution – Your report contains confidential information. If a black hat hacker

gets access to that document, the network you were meant to protect will go down.

Thus, your report should indicate the total number of copies you made as well as

the people to whom you sent them. Each report must have an ID number and the

name of its recipient.

Data Gathering

Penetration tests involve long and complex processes. As a result, you need to describe

every piece of information that you’ll collect during the attack. Describing your hacking

techniques isn’t enough. You should also explain your assessments, the results of your

scans, as well as the output of your hacking tools.

Creating Your First Draft

Write the initial draft of your report after collecting all the information you need. Make

sure that this draft is full of details. Focus on the processes, experiences, and activities

related to your test.

Proofreading

Typographical and/or grammatical errors can ruin your report. Thus, you need to review

your work and make sure that it is error-free. Once you’re satisfied with your output, ask

your colleagues to check it. This approach will help you produce excellent reports.

Outline of a Test Report

1. Executive Summary

1. Scope and Limitations of the Project

2. Objectives

3. Assumptions

4. Timeline

5. Summary of Results

6. Summary of Suggestions

2. Methodology

1. Plan Formulation

2. Execution of the Attack

3. Reporting

3. Findings

1. Detailed Information Regarding the System

2. Detailed Information Regarding the Server

4. References

1. Appendix

The Legal Aspect of Penetration Tests

As a hacker, you will deal with confidential data concerning a business or organization.

Accidents might happen, and the information may leak to other people. That means you

need to be prepared for legal issues that may arise in your hacking projects.

This part of the book will discuss the legal aspect of hacking. Read this material carefully:

it can help you avoid lawsuits and similar problems.

Legal Problems

Here are some of the legal problems that you may face:

Leakage of confidential information

Financial losses caused by faulty tests

You can prevent the problems given above by securing an “intent statement”. This

statement proves the agreement between the client and the tester. This document describes

all of the details related to the penetration test. You’ll use an intent statement to avoid legal

issues in the future. Thus, both parties should sign the document before the test starts.

0/5 (0 Reviews)

LEAVE A REPLY

Please enter your comment!
Please enter your name here