Build penetration test environment selected from Kalilinux Wireless network penetration test Tutorial

The1Building Penetration test environment

Many organizations that provide security services use terminology such as security audits, network or risk assessment, and penetration testing. These terms have some overlap in meaning and, by definition, auditing is a technical assessment of the quantification of systems or applications. A security assessment is a measure of risk, a service used to identify vulnerabilities in systems, applications, and processes. The meaning of penetration testing is not just an evaluation, it tests with a discovered vulnerability to verify that the vulnerability really exists. This chapter describes the setting up of a penetration test environment. kalilinux Wireless network penetration Testing Tutorial

1.1What is penetration testing

Penetration testing does not have a standard definition. The general argument that some foreign security organizations have reached a consensus is that penetration testing is an evaluation method to evaluate the security of computer network systems by simulating the attack methods of malicious hackers. This process includes proactive analysis of any weaknesses, technical flaws, or vulnerabilities in the system. This analysis is performed from a location where an attacker might exist, and from this location there are conditions to proactively exploit security vulnerabilities.

penetration testing differs from other evaluation methods. The usual assessment method is to identify all relevant security issues based on known information resources or other evaluated objects. Penetration testing is based on known vulnerabilities that can be exploited to find out if there is a corresponding information resource. In comparison, the evaluation method is generally more comprehensive, and penetration testing is more focused on the severity of security vulnerabilities. kalilinux Wireless network penetration Testing Tutorial

Usually in penetration testing, two methods of penetration testing are used, namely black-box and white-box tests. The two methods of penetration testing are described in detail below.

1. White box test

with white-box testing, you need to work with the customer organization to identify potential security risks, and the customer organization will present their systems and network environment to the user. The biggest benefit of white-box testing is that attackers will have all the internal knowledge and can arbitrarily execute attacks without fear of being blocked. The biggest problem with white-box testing is the inability to effectively test the customer organization's emergency response procedures, or to determine the effectiveness of their security plans for detecting specific attacks. White-Box testing is the best penetration test if time is limited or if specific penetration testing is not within the scope of the information collection. kalilinux Wireless network penetration Testing Tutorial

2. black box test

black box testing differs from white-box testing in that an authorized black-box test is designed to mimic an attacker's intrusion and is implemented without knowing the majority of the information and knowledge of the client organization. Black-Box testing can be used to test the ability of internal security teams to detect and respond to an attack. Black-Box testing is more time-consuming and laborious, and requires penetration testers with more technical capabilities. It relies on the attacker's ability to capture the system of the target system through probing. Therefore, as a penetration tester for a black-box test, it is usually not necessary to identify all the security vulnerabilities of the target system, but to try to identify and exploit the attack path that can obtain the least cost of access to the target system and ensure that it is not detected. kalilinux Wireless network penetration Testing Tutorial

Penetration testing usually has two distinct characteristics, regardless of whether the test method is the same.

q Penetration testing is a gradual and progressive process.

q Penetration testing is a test that chooses an attack method that does not affect the normal operation of the business system.

Note: Before penetration testing, there are a number of requirements that need to be considered, such as legal boundaries, time constraints, and constraints. Therefore, the first step in penetration testing is to obtain the customer's permission. If you do not do so, it will likely lead to legal action issues. Therefore, we must make the correct judgment. kalilinux Wireless network penetration Testing Tutorial

Build penetration test environment selected from Kalilinux Wireless network penetration test Tutorial