
Video: Master the five phases of a successful network penetration

Understanding how an enemy can penetrate your defenses is critical to effectively protecting your network. In this video, Bill Detwiler discusses the five phases of successful network penetration and covers ways to defend against each type of attack.

In this video, I go over the five phases of successful network penetration:

  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Covering Tracks

I also provide tips for defending against each type of attack.

For those of you who prefer text to video, you can click the Transcript link that appears below the video player window or you can also read Tom Olzak's article, "The five phases of a successful network penetration," on which this video is based.


About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

39 comments
Janetjoan7

This is one of the most incredible blogs I've read in a very long time. The amount of information in here is stunning, like you practically wrote the book on the subject. Your blog is great for anyone who wants to understand this subject more. Great stuff; please keep it up!

joberjo2

Wow!!! A real cool article. I just spent the last fifteen weeks studying these phases in college using the Counter Hack Reloaded book and I must say this is one great article to summarize everything in seven minutes. Awesome.

iswayn

Worth watching three times over .....Thanks Bill.

flielgueraq

This video is very informative and interesting, especially the last part. But I think that is not enough. Regards.

xlbalagosa

Lack info. The IT guy is telling you what to do but he is not telling you HOW TO DO it. He is wasting his time talking!!!!!!

BALTHOR

These hackers can get into network levels that are impossible for me to access. (I think that T1 means times one infinity.)

thecbob

Bill makes some good rudimental points in his video. Due diligence in setting security controls is very important. However, he did somewhat gloss over the "Weakest Link", which is too often found between the keyboard and chair - Yes, the end user. SysAdmins and Security Engineers too often fail to increase the end-user's level of awareness. Some think that by imparting knowledge, they are somehow diminishing their value. Quite the contrary, the better Admins and Engineers school the end-users on social engineering, good computer practices, anomaly detection, etc., the stronger the network becomes. Raising the level-of-awareness of end-users about "their" actions and sensing that something just didn't seem right can prevent breaches and halt them before they become a crisis.

b_every

Some followup tutorials would round it off very well

reisen55

Outsourcing internal IT staff is almost guaranteed to lower security standards and introduce a new level of hands to care and control your data and, in many cases, your clients' data. Legion are the tales of simple things like lost CD-ROMs and boxes of tapes left somewhere by ACS or CSC employees. Oops. And server patching is often ignored. My last real corporate home outsourced IT and a year later over 200 servers were hit by a worm. Just outsource - it's all done for you.

Photogenic Memory

The content is actually on track. However, after reading and keeping up with the Conficker craziness, the above article's defense points just seem too basic for me. I guess I consider them common sense practice to follow. However, it seems people are getting slicker or have been for some time. I am just now becoming aware of how easily all of those attempts to secure networks are becoming a bit useless as multi-forming rootkit/virus/worm/trojan gets through a weak PC/Server on the network due to malware or insecure OS software modules. Shit's kinda crazy out there! I don't know about you guys but I'm a little nervous about this stuff. I found this article on slashdot about "grayhats". It's extremely interesting. http://www.tomshardware.com/reviews/dino-dai-zovi,2260.html

support

I never realized how the black hat techniques were so active in trying to penetrate web sites. The part of the video about the attackers gathering data from employees was enlightening. Thanks, Tom Troughton http://www.StartaBlogWebSite.com?ck

Bill Detwiler

Understanding how an enemy can penetrate your defenses is critical to effectively protecting your network. In a recent video, I discuss the five phases of successful network penetration and cover ways to defend against each type of attack. Original post: http://blogs.techrepublic.com.com/itdojo/?p=464 When you look at your company's network security, what do you believe is the weakest link in your company's network security plan? Are you trying to strengthen that link? If so, how? If not, why?

Neon Samurai

Do you mean disk images like working through the DeICE .iso series? I'm always on the lookout for other training targets so I ask in case you have something beyond DVL and DeICE disks.

SgtPappy

...to tell you how to do it, because there are sooo many ways to do it. Each one kind of depends on your needs, and your network configuration. This video is a tool to get you to think about how an attacker might get into your network and how you should be looking for ways to prevent that.

JCitizen

It is up to the reader to look at the points brought up in the article and learn how to accomplish each phase. If you're into IT security, you should have already accomplished most of them. The ones you haven't may be in the article. This is what makes this information worthwhile. A handy laundry list to check up on and make sure one hasn't missed something, or needs to look into getting the manuals, or information to not only complete the task, but catch up on new technology. The methods of completing the actions in this article would be completely different today than they would have been a year ago.

Olami2009

The article is O.K., but you need to throw more light on it.

peege3

Is shutting down ports really a good idea? Or do we want unused ports to simply not respond to requests? Or is that just a practice for home users and has no application in corporate IT? The other thing from the video that made me wonder was the bit about "filtering file transfer content". In order to do this, doesn't this mean that the company should also have a certificate server so that it can monitor SSL traffic?

bishop7

Anyone know of any articles/sites with a number of firewall / IDS/IPS best practices?

oberois

No company is an island. Lack of adequate vigilance and security will allow hackers to sniff around whether one outsources or keeps all development internally. Furthermore, outsourcing is here to stay. It is the new reality in a competitive international environment. What we need are the firewalls that protect our data when it is being transmitted. The article points to recommendations that need to be heeded.

Sarnath

Have always pondered about this point of view! Thanks for sharing this info! Very useful and insightful! Best Regards, Sarnath

Timbo Zimbabwe

So why are we watching a 7 minute video for the same thing? Sorry Bill, but I'm officially unsubscribing from your articles...

vibinjohn82

Thanks for the post, very informative and useful. Regards, Vibin John

aredubbya

I appreciate the difficulty in describing all possible methods of preventing Phases 1-5 but if there is any information that could point me in the right direction it would be much appreciated. Something that would help me make a more informed decision, like: possible ways of implementing, like Phase 1 can be achieved by doing..., learning about..., etc.

bishop7

... it sure could exacerbate the problem. One thing that wasn't really mentioned (or mentioned briefly) ... security is as much a people problem as it is a technology problem. In the case of outsourcing, you have no control over the people who have access to your environment. Implementing top notch firewall, IDS/IPS, encryption and other technologies won't do you much good if your people consistently lose data storage media, are not properly trained on how to deal with third-parties and social engineers, etc. Let's face it, it's hard enough to find people who you hire directly who are really security-aware, now you have people who are likely bottom-of-the-barrel types hired by the outsourcing companies to become more 'competitive.' At least with a local security or admin team you have some visibility to what's going on and who is touching your data. Not so much when you outsource your systems to others. When someone you rarely see makes those kinds of mistakes with your assets, will you ever be in a position to know about it? Ignorance sure isn't bliss when it comes to security. It can be downright dangerous, actually.

reisen55

The outsourcing company that did not update or patch the servers was COMPUTER SCIENCES CORPORATION, which is a large large scale government contractor too!!!!!!! I also spent time with First Consulting Group at Continuum Health Partners, hospital chain in Manhattan. Three hospitals: Roosevelt, St. Lukes and Beth Israel. Ok, here we have real people with real LIVES in danger. 30 systems stolen from St. Lukes. 1 system stolen from cafeteria in Roosevelt. Virus infections everywhere. Malware infections everywhere. Porn everywhere, including children's systems. GHOST a system to fix - within 1 week it all comes back again. And people's LIVES were at stake here. So, not just Bangalore is to blame. My argument is that internal IT staff, the employees beholden to the company and very very loyal, are the BEST for this job and outsourcing firms don't give a damn about security FIRST - to their business, the CONTRACT is sacrosanct and all important. Now, care to continue saying how good outsourcing is?

rtexrussell

Yes, I could have read it faster but my understanding and retention is enhanced with the video audio content of the presentation. Bill, keep up the good work.

SgtPappy

If you don't want to watch the video read the transcript. It's that simple. Why complain? Bill is providing a service, if you don't like it move on.

Bill Detwiler

Did you try the transcript link below the video player window? How about the link to Tom Olzak's article, on which the video is based? Video isn't right for everyone, so we offer information in a variety of formats--text, audio, and video.

Neon Samurai

"Tom Olzak's article, 'The five phases of a successful network penetration,'" That would be pointing you to more information. It was a link given in the text along with the embedded video. If not in this article, then in that article, it indicates that these are the initial steps from the Certified Ethical Hacker content; now you go to google and type in "certified ethical hacker". (edit): sorry, didn't mean to post again into this thread but check out Tom's original article for more content.

Neon Samurai

It depends on the level of detail you are looking for. ISBN 978-0-7821-4437-6 CEH Review Guide is good as a general overview. The more comprehensive CEH training guide (ISBN in title) will go into detail. Another option is the Open Source Security Tester's Methodology. http://en.wikipedia.org/wiki/OSSTMM

Neon Samurai

"Just to clarify these are phases an intruder uses to penetrate your systems" - Yes. "not how you go about preventing a break-in." - No. They are phases a criminal or contracted penetration tester will take to try and get into your network systems. They are also the phases your in-house security professionals should take to identify weaknesses before a criminal or your contracted auditor finds them. This is proactive security; actively looking for weaknesses using the same techniques and tools that a criminal would. The alternative would be reactive security; waiting for things to go badly before responding to them or "allow all then deny as needed". That's my thinking anyway. These steps are not the entire act of protecting a network but they are a key activity for determining how effective the overall security strategy is.

ctech1

Just to clarify, these are phases an intruder uses to penetrate your systems, not how you go about preventing a break-in. To help alleviate reconnaissance you must do a security evaluation on your system of all services that could be giving the attacker information about your system. This can be any service that is transmitting data in clear text such as early versions of SNMP or Cisco routers broadcasting the CDP protocol. These are just a few examples; you really need a good well rounded security policy in place. A good start is reading ISO 27002. This article is just defining how a generic attack is performed to assist you with creating your security policy and understanding. I hope this helps.

Support Slug

All you need to do is hunt the malware coders down and chop off their hands with a machete. Won't have to do that too many times before nobody dares to write that crap anymore.

techrepublic

Even if you had not used libelous statements in your rant, it still would have been anecdotes mixed with your prejudice. There are many companies who do a fine job with outsourcing and many companies who do a poor job with in-house assets. The video is an excellent teaching tool. It can be embellished with ease by using it (or the linked transcript) as a step-by-step outline. Thanks for going through the trouble of making it.

Support Slug

...is, of course, the users. But you knew that already.
