CISSP Fix

Its not too long when security professionals needed the system to redefine the security checking methods in corporate world. Its very difficult to compete with the whole Black hat army with bare hands. “Survivial of the fittest” to make new world security evolves in penetration testing.

First question flash in our mind is What on Earth is this Penetration testing?

It is basically a process of attacking on a system. Lets take an example:

The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD’s computer network defenders (CND’s), a specialized personnel classification within the DoD’s information assurance workforce.

The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD.

CISSP is added the Department of Defense Directive 8750.

In August of 2004, the U.S. Department of Defense recognized Directive 8570.1, which involves that every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or work-related area of expertise, to get a viable certification record that has been recognized by the American National Standards Institute (ANSI) by January 1, 2010 in order to maintain his or her job.

The IEEE 802.1X standard defines a method of authenticating and authorizing users to connect to an IEEE 802 LAN. It blocks users from accessing the network on the failure of authentication. IEEE 802.1X supports the Extensible Authentication Protocol-Transport Level Security (EAP-TLS) and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) protocols. In the IEEE802.1X authentication system, an access point receives a connection request from a wireless client and forwards the request to the RADIUS server. The RADIUS server then uses the Active Directory database to determine whether the client should be granted access to the network.

The access router is the common name of the exterior router present in the screened host firewall architecture. It is attached to the perimeter network and the internet. Access router is used to protect both the perimeter network and the internal network from the Internet. It allows anything that is outbound from the perimeter network. Access router seldom do packet filtering. The rules for packet filtering, which is used to protect internal machines are always same on both the interior router and the exterior router.

In the land attack, the attacker sends the spoofed TCP SYN packet in which the IP address of the target is filled in both source and destination fields. Now, on receiving the spoofed packet the target system becomes confused and goes into the frozen state. Now-a-days the antivirus can easily detect such attacks.

In a teardrop attack, a series of data packets are sent to the target computer with overlapping offset field values. As a result, the target computer is unable to reassemble these packets and is forced to crash, hang, or reboot.

In a ping of death attack, the attacker sends an ICMP packet larger than 65,536 bytes. Since the operating system does not know how to handle a packet larger than 65,536 bytes, it either freezes or crashes at the time of reassembling the packet. However, nowadays the operating systems discard such packets, so the ping of death attack is not applicable under these circumstances.

In a fraggle DoS attack, an attacker sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.

In a smurf DoS attack, an attacker sends a large amount of ICMP echo request traffic to the IP broadcast addresses. These ICMP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.