Its not too long when security professionals needed the system to redefine the security checking methods in corporate world. Its very difficult to compete with the whole Black hat army with bare hands. “Survivial of the fittest” to make new world security evolves in penetration testing.

First question flash in our mind is What on Earth is this Penetration testing?

It is basically a process of attacking on a system. Lets take an example:

I am security officer of XYZ Inc. I am concerned about the security of the company’s network but I am not able to find any loop hole or hot spot, which have potential to crash the network and cause loss of million bucks to company.

Now, What I will do is hire a Penetration testing team and instruct them to penetrate or in general term hack in the network of the company. They will apply all possible attacks all possible technologies to hack into the system. Lets assume that they hacked into the system through SQL injection attack. So now I know that the company’s system is vulnerable to this attack and I will take the appropriate step to prevent this.

May be this is the weird but to protect ourselves from the cyber attackers we have to be one of those. This is the only way we can think in their way and find out their strategy.

I am on it from last 2 weeks very soon I will post about the certification papers for penetration testing. Its’ still in the process of metamorphism.

I am also considering the books on this subject. Lets see how far I can go.

The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD’s computer network defenders (CND’s), a specialized personnel classification within the DoD’s information assurance workforce.

The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD.

The CND groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.

With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance with the new Certified Ethical Hacker training requirement by 2011. This shows the DoD’s focus on better training and preparation of the U.S. military workforce in this area.

The Certified Ethical Hacker qualification tests the certification holder’s knowledge in the mindset, tools and techniques of a hacker, fortifying it’s certification tag line: “To beat a hacker, you must think like one.”

“It is one of the most technically advanced certifications on the directive for CND professionals. In fact, it is the only certification approved across four out of the five categories to prepare the CND teams. While other policy-based programs add value, CEH prepares the U.S. CNDs to combat hackers in real time, defending U.S. interests globally.”

CISSP is added the Department of Defense Directive 8750.

In August of 2004, the U.S. Department of Defense recognized Directive 8570.1, which involves that every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or work-related area of expertise, to get a viable certification record that has been recognized by the American National Standards Institute (ANSI) by January 1, 2010 in order to maintain his or her job.

Government agencies know that their best line of defense for securing and protecting their vital information and information systems is a well-trained and aware user. That’s why DoD Directive 8570.1 was put into place. This enterprise-wide consent requires that any personnel conducting Information Assurance (IA) functions be trained and certified in a commercial certification on the concepts, principles, and applications to enhance protection of the Department of Defense’s (DoD) information, information systems, and networks.

Department of Defense Directive 8570 (DoD 8570) provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification. GIAC certifications are among those required for Technical, Management, CND, and IASAE classifications.

In the next post I will discuss about the levels and posts associated with the CISSP cert exam.

The IEEE 802.1X standard defines a method of authenticating and authorizing users to connect to an IEEE 802 LAN. It blocks users from accessing the network on the failure of authentication. IEEE 802.1X supports the Extensible Authentication Protocol-Transport Level Security (EAP-TLS) and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) protocols. In the IEEE802.1X authentication system, an access point receives a connection request from a wireless client and forwards the request to the RADIUS server. The RADIUS server then uses the Active Directory database to determine whether the client should be granted access to the network.

The access router is the common name of the exterior router present in the screened host firewall architecture. It is attached to the perimeter network and the internet. Access router is used to protect both the perimeter network and the internal network from the Internet. It allows anything that is outbound from the perimeter network. Access router seldom do packet filtering. The rules for packet filtering, which is used to protect internal machines are always same on both the interior router and the exterior router.

In the land attack, the attacker sends the spoofed TCP SYN packet in which the IP address of the target is filled in both source and destination fields. Now, on receiving the spoofed packet the target system becomes confused and goes into the frozen state. Now-a-days the antivirus can easily detect such attacks.

In a teardrop attack, a series of data packets are sent to the target computer with overlapping offset field values. As a result, the target computer is unable to reassemble these packets and is forced to crash, hang, or reboot.

In a ping of death attack, the attacker sends an ICMP packet larger than 65,536 bytes. Since the operating system does not know how to handle a packet larger than 65,536 bytes, it either freezes or crashes at the time of reassembling the packet. However, nowadays the operating systems discard such packets, so the ping of death attack is not applicable under these circumstances.

In a fraggle DoS attack, an attacker sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.

In a smurf DoS attack, an attacker sends a large amount of ICMP echo request traffic to the IP broadcast addresses. These ICMP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.

Online Certificate Status Protocol (OCSP) is used for obtaining the revocation status of an X.509 digital certificate. It is used to verify the status of a certificate. It was created as an alternative to certificate revocation lists (CRL). It provides more timely information about the revocation status of a certificate. It also eliminates the need for clients to retrieve the CRLs themselves. Therefore, it generates to less network traffic and provides better bandwidth management. It is described in RFC 2560 and is on the Internet standards track.

Certificate Enrollment Protocol (CEP) allows Cisco devices to acquire and utilize digital certificates from Certification Authorities (CAs). This protocol is primarily used for deployment of IPSec VPNs while using digital certificate authentication with Cisco devices.

Certificate Management Protocol (CMP) provides functionalities for advanced management associated with the use of digital certificates such as certificate issuance, exchange, revocation, invalidation, etc. This protocol is able to operate over any protocol.

I looked the blooming IT market after lifeless recession, and feel the warm of standing at the higher grounds. ISC-2 got my nerves when I passed CISSP, but I don’t know what happened to them. I mean can’t they see the hot cake of today’s scenario. Yes, guys I am talking about PENETRATION TESTING.

After being disheartened by ISC-2, I look forward to another vendors. As expected I found two renowned vendors providing certification for Penetration testing– EC-Council and GIAC.

For EC-Council, You must pass there old famous CEH (312-50) and Security analyst (ECSA-412-79) to become Penetration tester.

For GIAC, You can pass single open book test GPEN to become certified Penetration Testor.

Lets see what else I can find in this new dimension of security.

I found this paper really helpful, its objectives covered broad domain.

The Security Certified Network Specialist (SC0-451) certification is designed to examine the knowledge of networking and security skills required by a network security professional. This validation is done basically on the following technologies: Network Defense Fundamentals, Advanced TCP/IP, Routers and Access Control Lists, Designing Firewalls, Configuring Firewalls, Configuring Virtual Private Networks, Designing an Intrusion Detection System, Configuring an Intrusion Detection System and Securing Wireless Networks.

There are no specific prerequisites for this certification but any kind of Security+ certification or its equivalent work experience is recommended.

It provides a track for the following certifications:

1. Security Certified Network Professional (SCNP)
2. Security Certified Network Architect (SCNA)
3. Certified Information Systems Security Professional (CISSP)
4. Certified Information Security Manager(CISM)
5. Certified Wireless Security Professional(CWSP)
6. Certified Ethical Hacker(CEH)
7. Cisco Certified Security Professional (CCSP)

You will be required to attempt 60 questions in 90 minutes. You need to score 75% to pass the exam.

Having such certification shows the eligibility graph of a candidate in today’s IT industry. People with security certifications receive consistently more appointments from today’s industries and get higher base salary, bonuses, and raises as compared with other, less specialized IT positions

You can get more information at Vendor Site