Carry out infrastructure penetration testing
Overview
This standard is about carrying out infrastructure penetration tests.
Penetration testers discover security weaknesses within organisational infrastructure and web applications by performing authorised security tests to identify new vulnerabilities and report findings. They carry out tests using a combination of industry standard tools, in-house developed tools and manual reviews. The objective of a penetration test is to uncover any form of vulnerability - from small implementation bugs to major design flaws resulting from coding errors, system configuration faults, design flaws or other operational deployment weaknesses.
Carrying out infrastructure penetration testing involves testing internal computer system networks, associated devices, and cloud infrastructure to detect vulnerabilities and security flaws that could be exploited. Infrastructure penetration testing is also performed to assess an organisation's compliance with information security policies and its response to cyber security threats. The infrastructure penetration testing approach includes foot-printing and reconnaissance, scanning networks, enumeration and exploitation to demonstrate where vulnerabilities exist so that these can be reported on and mitigated.
This standard is for those who need to carry out infrastructure penetration tests as part of their duties.
Performance criteria
You must be able to:
- Identify penetration testing requirements to support infrastructure penetration testing activity planning
- Select the infrastructure penetration testing tools and techniques necessary to deliver client requirements
- Prepare hardware and software tools ready for an infrastructure penetration test in line with organisational requirements
- Perform network mapping to identify IP addresses and open ports on the network
- Perform foot-printing analysis to gather information about a target network infrastructure, systems and users
- Undertake port scanning to scan for open ports on the target network and devices
- Use port lookup tools to determine which network service runs on each port
- Perform username enumeration on target infrastructure network services using industry standard protocols and methods to identify valid user accounts
- Demonstrate where infrastructure vulnerabilities could be exploited to gain access to devices or obtain information about the network
- Manipulate network routing protocols and bypass security controls to perform traffic capture and demonstrate possible man in the middle attacks between two legitimate hosts
- Demonstrate pivoting through devices used to gain access to targets on an infrastructure subnet
- Interpret the output of tools, including those used for port scanning, enumeration, exploitation and traffic capture
- Validate the presence of identified vulnerabilities, suspicious files and assess patch levels accurately
- Perform clean-up activities after conducting penetration testing in line with organisational procedures
- Document vulnerabilities detected during infrastructure penetration testing in line with organisational procedures
- Update the knowledge base to record new knowledge on infrastructure penetration testing techniques and discoveries
- Provide the client with a report for each infrastructure penetration testing service completed and provide recommendations to mitigate vulnerabilities and risks
- Present infrastructure penetration testing findings and recommendations to clients and colleagues
Knowledge and Understanding
You need to know and understand:
- The fundamental principles and concepts relevant to the penetration testing of digital system infrastructure
- The main components of an infrastructure penetration test and the high-level processes involved
- The infrastructure penetration testing life-cycle, from the initial client contact, to the delivery of the final report and subsequent mitigation work
- How to interpret client requirements for infrastructure penetration testing
- The structure of an infrastructure penetration test, including all relevant processes and procedures
- Industry standard infrastructure penetration testing methodologies and how to apply them
- How to select and apply industry standard tools and techniques to identify and exploit vulnerabilities in digital system infrastructure
- Industry standard and bespoke organisational tools and techniques to conduct infrastructure penetration testing and how to apply them
- The types of foot-printing analysis including passive and active foot-printing
- The tools and techniques used for foot-printing and how to apply them
- Industry standard operating systems
- The stages, tools, techniques, attack vectors and attack surfaces used to identify weak links
- How to interpret the outputs of infrastructure penetration testing tools
- The concept of pivoting through compromised devices
- The types of enumeration used to identify hosts and usernames on a network and how to apply them
- Industry standard networking protocols including IPv4, IPv6, TCP (Transmission Control Protocol), UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol)
- Industry standard network devices and protocols including TCP/IP, DNS, switches and firewalls
- Industry standard network types that could be encountered during a penetration test
- Security implications of shared media, switched media and VLANs (Virtual Local Area Network)
- The importance of egress and ingress filtering, including the risks associated with outbound connections
- Active and passive techniques for remote operating system fingerprinting
- File permission attributes within operating system file systems and their security implications
- How finger daemon derives the information that it returns, and hence how it can be abused
- UK legislation related to human rights, data protection, and computer misuse and the impact of these on infrastructure penetration testing
- The concepts behind common microprocessor vulnerabilities such as Spectre and Meltdown
- Common risks associated with Bluetooth
- Active and passive operating system fingerprinting techniques and how to demonstrate their use during a penetration test
- How the Ethernet protocol works
- How the IPv4 and IPv6 protocols work
- Common network routing protocols and their security attributes
- The configuration of routers, switches and Firewalls
- Network traffic filtering and where this may occur in a network
- The steps involved in performing clean-up activities after conducting infrastructure penetration testing
- How to analyse and interpret the results of infrastructure penetration testing
- How to mitigate vulnerabilities and prevent the associated exploits
- How to document the results of infrastructure penetration testing