
Systems Vulnerability

The document outlines the concepts of system vulnerabilities, assessments, and testing, emphasizing the importance of identifying weaknesses in IT systems to prevent successful attacks. It details various types of vulnerabilities, testing methodologies, and tools, as well as the significance of regular system assessments to enhance performance and security. Additionally, it discusses penetration testing frameworks and the necessity of test planning in software development to ensure effective testing processes.

Uploaded by

farukmuazu20

CYB 403 SYSTEMS VULNERABILITY ASSESSMENT AND TESTING

Prerequisite: CYB102, CYB 204

What is a system vulnerability?


A vulnerability is a weakness in an IT system that can be exploited by an attacker to
deliver a successful attack. They can occur through flaws, features or user error, and
attackers will look to exploit any of them, often combining one or more, to achieve their end
goal.

What are vulnerabilities, and how are they exploited?


Flaws

A flaw is unintended functionality. This may either be a result of poor design or through
mistakes made during implementation. Flaws may go undetected for a significant period of
time. The majority of common attacks we see today exploit these types of vulnerabilities.
Between 2014 and 2015, nearly 8,000 unique and verified software vulnerabilities were
disclosed in the US National Vulnerability Database (NVD).

Vulnerabilities are actively pursued and exploited by the full range of attackers. Consequently, a
market has grown in software flaws, with ‘zero-day’ vulnerabilities (that is, recently discovered
vulnerabilities that are not yet publicly known) fetching hundreds of thousands of pounds.

Zero-day vulnerabilities

Zero-days are frequently used in bespoke attacks by the more capable and resourced
attackers. Once the zero-days become publicly known, reusable attacks are developed and
they quickly become a commodity capability. This poses a risk to any computer or system
that has not had the relevant patch applied, or updated its antivirus software. The ability for
an attacker to find and attack software flaws or subvert features depends on the nature of the
software and their technical capabilities. Some target platforms are relatively simple to
access, for example web applications could, by design, be capable of interacting with the
Internet and may provide an opportunity for an attacker.

Features

A feature is intended functionality which can be misused by an attacker to breach a system.
Features may improve the user’s experience, help diagnose problems or improve
management, but they can also be exploited by an attacker.

When Microsoft introduced macros into their Office suite in the late 1990s, macros soon
became the vulnerability of choice with the Melissa worm in 1999 being a prime example.
Macros are still exploited today; the Dridex banking Trojan that was spreading in late 2014
relies on spam to deliver Microsoft Word documents containing malicious macro code, which
then downloads Dridex onto the affected system.

What is a system assessment?

The System Assessment provides a comprehensive evaluation of critical areas that affect
system performance, including hardware, software and firmware, system and Ethernet
communications, and current maintenance practices.

System Assessment is an on-site system inspection and status evaluation of an 800xA or a
Freelance control system. It is a key service for maintaining high system availability and
avoiding disruptions and interruptions in production.

The System Assessment provides a comprehensive evaluation of critical areas that affect
system performance, including hardware, software and firmware, system and
Ethernet communications, and current maintenance practices. Different parameters are read
from the installed system and compared to ABB requirements and best practices.
Non-optimal system states and settings are automatically identified.

As a result, the Assessment report presents the evaluated findings and gives detailed
interpretation and further recommendations in order to reach maximum system performance.

ABB recommends performing a System Assessment annually as part of a regular preventive
maintenance program and long-term improvement plan. These checks support customers in
achieving and securing improved system performance levels.

Benefits

• Increases control system performance, availability and reliability
• Minimizes risk of system upsets
• Lowers maintenance cost
• Improves system maintainability
• Reduces risk of component failures

The System Assessment procedures have been developed on the basis of long-term service
experience. All tests are done during plant operation and are executed on a low priority level
in order not to strain the system in operation. Following a systematic guideline, an ABB
service engineer steps through more than a hundred control points in the system.
Computer-aided data collection and analysis is supplemented by individual inspections and audits.

Once the evaluation has been completed, a detailed report, including findings, improvement
recommendations, and areas found to need further analysis is provided. Our standardized
rules for report generation guarantee an easy-to-read report.
The resulting System Assessment Report outlines actions that will help prevent potential
problems and improve availability, reliability and system performance. It provides general
impact and ROI discussions and recommends actions, if required. The report also addresses
the technical specialists, explaining all findings, and provides the severity, possible impacts,
detailed recommendations and document references for each of them.

ABB offers assistance with the implementation of improvement recommendations. ABB
Local Service will present the System Assessment Report to the customer in a meeting. This
gives the opportunity to discuss possible Return on the automation Investment (ROI) impacts,
and to agree, if necessary, on an action plan to improve system reliability, availability and
operational performance to its best. An ABB field service professional, experienced in system
operation, is available to lead improvement activities utilizing site or ABB personnel.

What is System Testing? Definition

System testing is defined as testing of a complete and fully integrated software product.
This testing falls in black-box testing wherein knowledge of the inner design of the code is
not a pre-requisite and is done by the testing team.

System testing, also referred to as system-level testing or system integration testing, is the
process in which a quality assurance (QA) team evaluates how the various components of an
application interact together in the full, integrated system or application.

System testing verifies that an application performs tasks as designed. It's a type of black box
testing that focuses on the functionality of an application rather than the inner workings of a
system, which white box testing is concerned with.

System testing, for example, might check that every kind of user input produces the intended
output across the application. System testing is the third level of testing in the software
development process. It's typically performed before acceptance testing and after integration
testing.

Testing Method and Techniques:

Vulnerability testing is a process of evaluating and identifying security weaknesses in a
computer system, network, or software application. It involves systematically scanning,
probing, and analyzing systems and applications to uncover potential vulnerabilities, such as
coding errors, configuration flaws, or outdated software components.

The main goal of vulnerability testing is to discover and address these security gaps before
they can be exploited by attackers, ultimately improving the overall security and resilience of
the system.

Why Is Vulnerability Testing Important?

Vulnerability testing is important for several reasons:

Comprehensive understanding of the attack surface

Vulnerability testing enables organizations to have a better understanding of their systems,
networks, and applications. This comprehensive view helps to identify potential weak points
and entry points that attackers might exploit.

Adapting to evolving threats

Cyber threats are constantly changing and evolving, with new vulnerabilities and attack
vectors emerging regularly. Vulnerability testing helps organizations stay up-to-date with the
latest security threats and take proactive measures to address them.

Reducing attack vectors

By identifying and addressing vulnerabilities, organizations can reduce the number of
potential attack vectors available to cybercriminals. This decreases the likelihood of a
successful cyberattack and helps safeguard critical systems and data.

Enhanced security measures

Vulnerability testing provides valuable information that can be used to improve security
measures. This may include implementing new security controls, updating policies and
procedures, or providing employee training on security best practices.

Continuous improvement

Vulnerability testing is an ongoing process, which allows organizations to continuously
monitor their systems and applications for new vulnerabilities. This iterative approach
enables organizations to make necessary adjustments and improvements, ensuring their
security posture remains strong over time.

Risk management

Conducting vulnerability testing helps organizations understand and manage their security
risks more effectively. By quantifying and prioritizing vulnerabilities based on their potential
impact, organizations can make informed decisions about allocating resources and addressing
risks.

Vulnerability Testing Methods:

Vulnerability testing methods can be broadly categorized based on the approach taken to
identify vulnerabilities. Here’s an overview of active testing, passive testing, network testing,
and distributed testing:

Active Testing

Active testing is a vulnerability testing method in which testers interact directly with the
target system, network, or application to identify potential security weaknesses. It typically
involves sending inputs, requests, or packets to the target and analyzing the responses to
discover vulnerabilities.

Active testing can be intrusive and may cause disruptions or performance issues in the target
system, but it is usually more effective in finding vulnerabilities than passive testing.
Examples of active testing include:

• Port scanning to identify open ports and services running on a network.
• Fuzz testing, which involves sending malformed or unexpected inputs to applications
to discover vulnerabilities related to input validation and error handling.

Passive Testing

Passive testing is a non-intrusive vulnerability testing method that involves observing and
analyzing the target system, network, or application without directly interacting with it.
Passive testing focuses on gathering information about the target, such as network traffic,
configuration settings, or application behavior, to identify potential vulnerabilities.

This method is less likely to cause disruptions or performance issues but may be less
effective in finding vulnerabilities compared to active testing. Examples of passive testing
include:

• Traffic monitoring to identify patterns or anomalies that may indicate security
weaknesses.
• Configuration reviews to assess security settings and identify misconfigurations.

Network Testing

Network testing is a vulnerability testing method focused on identifying security weaknesses
in network infrastructure, including devices, protocols, and configurations. It aims to discover
vulnerabilities that could allow unauthorized access, eavesdropping, or Denial of Service
(DoS) attacks on the network.

Network testing typically involves both active and passive testing techniques to evaluate the
network’s security posture comprehensively. Examples of network testing include:

• Scanning for open ports and services on network devices.
• Analyzing network protocols and configurations for security flaws.

Distributed Testing

Distributed testing is a vulnerability testing method that involves using multiple testing tools
or systems, often deployed across different locations, to scan and analyze the target system,
network, or application for vulnerabilities.

This approach can help provide a more comprehensive view of the target’s security posture,
as it helps identify vulnerabilities that may be visible only from specific locations or under
specific conditions. Distributed testing can also help distribute the load of vulnerability
testing, reducing the impact on the target system and increasing the efficiency of the testing
process.

Examples of distributed testing include:

• Using multiple vulnerability scanners from different locations to scan a web
application for potential security flaws.
• Coordinating a team of testers in different geographical locations to perform
simultaneous network vulnerability testing.

What Are Vulnerability Testing Tools?

Vulnerability testing tools are software applications or services designed to help
organizations identify and assess security weaknesses in their systems, networks, or
applications. These tools automate the process of vulnerability testing, making it more
efficient, accurate, and consistent.

There are several types of vulnerability testing tools, including:

• Network vulnerability scanners: These tools scan networks for open ports,
misconfigurations, and other security weaknesses.
• Web application vulnerability scanners: These tools are specifically designed to
identify vulnerabilities in web applications, such as SQL injection, cross-site scripting
(XSS), and broken authentication.
• Static application security testing (SAST) tools: Designed to analyze source code
or compiled code to identify potential security vulnerabilities without executing the
application.
• Dynamic application security testing (DAST) tools: Built to interact with running
applications to identify security weaknesses during runtime.
• Fuzz testing tools: Generate and send malformed or unexpected inputs to
applications to identify vulnerabilities related to input validation and error handling.
• Configuration management and compliance tools: These tools assess system and
application configurations against established security best practices or compliance
standards, such as CIS Benchmarks or PCI DSS.
• Container and cloud security tools: These tools focus on identifying vulnerabilities
and misconfigurations in cloud-based environments and containerized applications.

Organizations often use a combination of these vulnerability testing tools to achieve a
comprehensive assessment of their security posture. It is important to keep these tools
up-to-date to ensure they can effectively detect and analyze the latest security threats and
vulnerabilities.

Penetration Testing Methodology:

A penetration testing methodology is a specific course of action taken by a pentest provider to
conduct the pentest of a target website or network. There are multiple penetration testing
methodologies that can be put to use depending on the category of the target business, the
goal of the pentest, and its scope.

The online space opens up new opportunities but also avenues for cyber attacks. It is vital
that we ensure that our systems and applications have enough security to protect against
these. Penetration testing helps in answering vital questions in regard to security standards
and vulnerabilities.

This pentest methodology guide is here to help you navigate this complex process by
providing a framework and steps. Read on to find the types of areas to penetration test and
the various stages and their requirements.

What is Penetration Testing Methodology?

Penetration testing methodology is a specific course of action taken by a pentest provider to
conduct the pentest of a target website or network. There are multiple penetration testing
methodologies that can be put to use depending on the category of the target business, the
goal of the pentest, and its scope.

What Is A Penetration Testing Framework?

The penetration testing framework is a list of penetration testing methods for different
security testing tools in every category of testing. Discovery, probing, reconnaissance,
enumeration, and vulnerability assessments are some of the various uses of a penetration
testing tool.

Penetration Testing Methodologies and Standards

There are various standards and methodologies that ensure the penetration test is authentic
and covers all important aspects. Some of them are mentioned below:

1. OSSTMM
2. OWASP
3. NIST
4. PTES
5. ISSAF

What is OSSTMM?

OSSTMM is short for Open-Source Security Testing Methodology Manual. It is one of the
most widely used and recognized standards of penetration testing. It’s based on a scientific
approach to penetration testing that contains adaptable guides for testers. You can use this to
conduct an accurate assessment.

What is OWASP?

OWASP stands for Open Web Application Security Project. Widely known, this pentest
standard is developed and updated by a community keeping in trend with the latest threats.
Apart from application vulnerabilities, this also accounts for logic errors in processes.

What is NIST?

National Institute of Standards and Technology (NIST) offers very specific pentesting
methodology for pentesters to help them improve the accuracy of the test. Both large and
small companies, in various industries, can leverage this framework for a penetration test.

What is PTES?

PTES, or Penetration Testing Execution Standard, is a pentest methodology designed by a
team of information security professionals. The goal of PTES is to create a comprehensive
and up-to-date standard for penetration testing as well as to build awareness among
businesses as to what to expect from a pentest.

What is ISSAF?

The Information System Security Assessment Framework (ISSAF) is a pentesting guide
supported by the Open Information Systems Security Group. This security testing
methodology is not updated anymore, hence it is a bit out of date. Nevertheless, it is
still in use for its comprehensive nature – it links different steps of the pentest process with
relevant tools.

Test Planning And Scheduling:

Test planning involves scheduling and estimating the system testing process, establishing
process standards and describing the tests that should be carried out.

As well as helping managers allocate resources and estimate testing schedules, test plans are
intended for software engineers involved in designing and carrying out system tests. They
help technical staff get an overall picture of the system tests and place their own work in this
context. Frewin and Hatton (Frewin and Hatton, 1986), Humphrey (Humphrey, 1989) and Kit
(Kit, 1995) also include discussions on test planning.

Test planning is particularly important in large software system development. As well as
setting out the testing schedule and procedures, the test plan defines the hardware and
software resources that are required. This is useful for system managers who are responsible
for ensuring that these resources are available to the testing team. Test plans should normally
include significant amounts of contingency so that slippages in design and implementation
can be accommodated and staff redeployed to other activities.

Test plans are not static documents but evolve during the development process. Test plans
change because of delays at other stages in the development process. If part of a system is
incomplete, the system as a whole cannot be tested. You then have to revise the test plan to
redeploy the testers to some other activity and bring them back when the software is once
again available.

For small and medium-sized systems, a less formal test plan may be used, but there is still a
need for a formal document to support the planning of the testing process. For some agile
processes, such as extreme programming, testing is inseparable from development. Like other
planning activities, test planning is also incremental. In XP, the customer is ultimately
responsible for deciding how much effort should be devoted to system testing.

Information Gathering:

What is Information Gathering?

Information gathering is a process of collecting information from different sources, such as
books, websites, interviews, surveys, and more. This process is used to gather information
about a particular topic or issue. It helps to create a comprehensive picture of the subject, and
is essential for making informed decisions. By gathering information, organizations and
individuals can better understand the environment in which they operate, identify potential
risks, develop strategies, and make informed decisions. Additionally, information gathering
can help to inform public policy and create public awareness on important topics.

Importance of Information Gathering in Cyber Security

Information gathering is an essential part of cyber security. By gathering information,
organizations can better understand their networks, identify potential threats and
vulnerabilities, and develop strategies to protect their systems. Additionally, information
gathering can help organizations detect and respond to cyber-attacks, as well as help them
develop better security practices. Information gathering can also be used to identify malicious
actors, establish a baseline of normal network activity, and uncover suspicious patterns of
behaviour. Finally, information gathering can help organizations develop better cyber
security policies, procedures, and training programs.

Type of Information Required in Cyber Security

The type of information required in cyber security depends on the organization’s goals and
objectives. Generally, organizations should collect information about their networks,
including details about hardware and software, as well as data about users and their access
privileges. Organizations should also gather information about the threats and vulnerabilities
they face, as well as information about the malicious actors they may encounter.
Additionally, organizations should collect information about their policies and procedures, as
well as their security practices. Finally, organizations should collect information about their
compliance requirements and the laws and regulations they must abide by.

Information Gathering Techniques

Information gathering techniques vary depending on the type of information being collected.
Generally, these techniques can be divided into two categories: active and passive. Active
techniques involve actively probing a network or system to collect information, while passive
techniques involve listening for information without sending any data or requests. Examples
of active techniques include port scanning, vulnerability scanning, and protocol analysis.
Examples of passive techniques include traffic analysis, log analysis, and packet capture.

Information Gathering Tools

There are many different tools available for information gathering. Network mapping tools
can be used to create a visual representation of an organization’s network, while vulnerability
scanners can be used to identify weaknesses in a system. Protocol analysis tools can be used
to analyze the data that is transferred between systems, while traffic analysis tools can be
used to monitor and analyze network traffic. Additionally, log analysis tools can be used to
identify suspicious activity and packet capture tools can be used to record and analyze
packets. Finally, there are also a number of tools available for gathering information from
public sources, such as search engines and social media.

Information Gathering Websites

There are a number of websites that can be used for information gathering. Popular search
engines such as Google, Bing, and Yahoo are good starting points for gathering information.
Additionally, social media sites such as Twitter, Facebook, and LinkedIn can be used to
gather information about people and organizations. Government websites, such as the US
Census Bureau, can also be used to gather information about specific demographics. Finally,
there are also a number of websites dedicated to cyber security, such as security blogs and
forums, which can provide valuable insight about the latest threats and vulnerabilities.

Information Gathering Phases


The information gathering process typically involves four phases: identification, collection,
analysis, and reporting. In the identification phase, the information to be gathered is
identified, and the sources of data are identified and categorized. In the collection phase, the
data is gathered from the identified sources. In the analysis phase, the data is analyzed to
extract useful information and insights. In the reporting phase, the gathered information is
reported in a format that is easy to understand and interpret.

Information Gathering By Cyber Criminals

Cyber criminals use a variety of techniques to gather information. These techniques are
generally divided into two categories: active and passive. Active techniques involve actively
probing a system or network to collect information, while passive techniques involve
listening for information without sending any data or requests. Examples of active techniques
include port scanning, vulnerability scanning, and protocol analysis. Examples of passive
techniques include traffic analysis, log analysis, and packet capture. Cyber criminals also use
social engineering techniques such as phishing and social media scraping to collect data
about individuals and organizations.

Conclusion

Information gathering is an essential process for cyber security. By gathering information,
organizations can better understand their networks, identify potential threats and
vulnerabilities, and develop strategies to protect their systems. Additionally, information
gathering can help organizations detect and respond to cyber-attacks, as well as help them
develop better security practices. There are a variety of techniques and tools that can be used
for information gathering, including search engines, social media, network mapping tools,
vulnerability scanners, and more. Cyber criminals also use a variety of techniques to gather
information, such as port scanning, social engineering, and packet capture.

Password Cracking Penetration:

It’s no surprise that successful data breaches can frequently be traced back to weak or stolen
passwords. Research for the 2023 State of the Phish report from Proofpoint found that only
31% of working adults manually enter a unique password for each work account. Worse, 8%
of them even gave out their passwords in threat situations.

These worrying statistics underscore the risks that poor password management poses. When
users don’t take password safety seriously, the attack surface of an entire organization is
exponentially increased.

To help your organization significantly reduce its risk of data loss and account compromise,
we’ve put together a list of some of the most common password cracking techniques, how
they work, and tips for keeping your organization safe.

What is password cracking?

Password cracking typically refers to the process of recovering scrambled passwords. It can
be used to help a user get back a forgotten password or to help a system administrator check
for weak passwords. But more often, password cracking is used by bad actors to gain
unauthorized access to systems and resources.

As an attack vector, password cracking is incredibly varied. Threat actors use specialized
tools, multiple techniques and even blend complementary tactics to boost their chances of
success. To get a clearer picture of how they all fit together, it helps to understand that attacks
typically fall into two categories:

1. Password guessing
2. Password cracking

Strictly speaking, password guessing and password cracking are not the same thing, even
though the terms are often conflated. Password guessing is an online technique where a bad
actor uses various combinations of characters in a process of trial and error. In contrast,
password cracking refers to an offline process where an attacker attempts to decipher
plaintext passwords from their encrypted forms. Because these techniques are typically
lumped together, we’re covering both of them here.

5 Common password cracking techniques

While there are multiple ways that threat actors crack passwords, here are a few of the most
common:

1. Brute-force attack

With this relatively old but effective attack method, bad actors use automated scripts to try
out possible passwords until the correct one works. Brute-force attacks can be very time
consuming because they take a systematic approach to trying all possible permutations of
characters in a sequence. The longer the password, the longer it takes.

Brute-force attacks are most successful when users have common or weak passwords, which
can be “guessed” by tools in a matter of seconds. Cracking a strong password might take a
few hours or days.

Admins who want to defend against these attacks have several options, including:

• Limiting the number of times a password can be tried
• Blocking an IP address after it has attempted—and failed—to enter the correct password after
a certain number of times
• Locking accounts after a certain number of unsuccessful login attempts
• Imposing a time delay between attempts
• Increasing the level of effort, like adding a CAPTCHA or adding multifactor authentication
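
The first four controls in this list, combined in one throttle, as an added example that is not part of the original notes. The class and function names, the thresholds and the documentation-range IP addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds for illustration; tune them to your own environment.
MAX_ACCOUNT_FAILURES = 5    # lock the account after this many consecutive failures
MAX_IP_FAILURES = 20        # block a source IP after this many failures in total
LOCKOUT_SECONDS = 900       # how long a lock or block lasts (15 minutes)
BASE_DELAY_SECONDS = 1      # delay after the first failure; doubles each time
MAX_DELAY_SECONDS = 60      # cap on the enforced delay


@dataclass
class Counter:
    failures: int = 0
    locked_until: float = 0.0   # lockout / block expiry (epoch seconds)
    next_allowed: float = 0.0   # earliest time the next try is accepted


class LoginThrottle:
    """Tracks failures per account and per source IP (hypothetical helper)."""

    def __init__(self):
        self.accounts = {}
        self.ips = {}

    def check(self, username, ip, now):
        """Decide, before verifying the password, whether to accept a try."""
        acct = self.accounts.get(username, Counter())
        src = self.ips.get(ip, Counter())
        if now < src.locked_until:
            return "ip_blocked"
        if now < acct.locked_until:
            return "account_locked"
        if now < acct.next_allowed:
            return "too_soon"
        return "ok"

    def record(self, username, ip, success, now):
        """Update counters after the password has been verified."""
        acct = self.accounts.setdefault(username, Counter())
        src = self.ips.setdefault(ip, Counter())
        if success:
            # Reset the account only. The IP counter is kept so that an attacker
            # cannot clear it by logging in to an account they already own.
            acct.failures = 0
            acct.next_allowed = 0.0
            return
        acct.failures += 1
        src.failures += 1
        delay = min(BASE_DELAY_SECONDS * 2 ** (acct.failures - 1), MAX_DELAY_SECONDS)
        acct.next_allowed = now + delay
        if acct.failures >= MAX_ACCOUNT_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
        if src.failures >= MAX_IP_FAILURES:
            src.locked_until = now + LOCKOUT_SECONDS
            src.failures = 0


def attempt(throttle, username, ip, password_ok, now):
    """One login try; password_ok stands in for the real password check."""
    verdict = throttle.check(username, ip, now)
    if verdict != "ok":
        return verdict          # rejected tries never reach the password check
    throttle.record(username, ip, password_ok, now)
    return "success" if password_ok else "failed"


def demo():
    """Constructed scenario: repeated wrong guesses against one account."""
    t = LoginThrottle()
    times = [0, 0.5, 1, 3, 7, 15, 31, 915]
    oks = [False] * 7 + [True]
    return [attempt(t, "alice", "203.0.113.7", ok, now) for now, ok in zip(times, oks)]


if __name__ == "__main__":
    print(demo())
```

Account lockout also lets anyone lock a known username out on purpose, which is why the delay and the per-IP block are applied alongside it rather than relying on lockout alone.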

2. Dictionary attack

These attacks are similar to brute-force attacks, but they’re less about quantity and more
about quality. In other words, instead of trying every possible combination, bad actors start
with the assumption that users are likely to follow certain patterns when they create a
password. So they will home in on the most likely words rather than trying everything.

Some users pick easy to remember passwords, like “password” or “123abc.” Others follow
predictable patterns that can vary by region—users might pick words related to their favorite
sports teams, local landmarks, city names, and so on. So, for example, a New Yorker might
choose “yankeefan1998.” Attackers collect lists of likely passwords into attack dictionaries.
Then, they augment likely passwords with numbers, letters and characters for longer
passwords.

While these lists aren’t as long as those used in brute-force attacks, they can be quite large.
So attackers use automated scripts to try each password on a username until they’re locked
out.

3. Credential stuffing attack

With credential stuffing, bad actors take advantage of the tendency of users to reuse the same
usernames and passwords for multiple accounts. As more credentials are exposed through
data breaches, the opportunity for these types of attacks is growing.

Here’s how it works. Pairs of compromised usernames and passwords are added to a botnet
that automates the process of trying those credentials on multiple sites at the same time. The
purpose of these attacks is to identify account combinations that work and can be re-used
across multiple sites.

These attacks have a relatively low success rate, but the impact of a large-scale botnet attack
is often anything but small.
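In authentication logs, credential stuffing looks different from brute-force or dictionary guessing: many accounts with one or two failures each, instead of many failures against a few accounts. The code below is an added example, not part of the original handout; the log format, the sample lines and both thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed log format and sample lines (documentation IP ranges), not real data.
LINE = re.compile(r"src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)")
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d}Z src=198.51.100.20 user=alice result=FAIL" for i in range(12)]
    + [f"2024-05-01T10:05:{i:02d}Z src=203.0.113.50 user=user{i} result=FAIL" for i in range(14)]
    + ["2024-05-01T10:05:14Z src=203.0.113.50 user=user14 result=OK",
       "2024-05-01T10:07:00Z src=192.0.2.10 user=bob result=FAIL",
       "2024-05-01T10:07:09Z src=192.0.2.10 user=bob result=OK"]
)

MIN_FAILURES = 10       # assumed: ignore sources with fewer failures than this
MAX_TRIES_PER_USER = 2  # assumed: stuffing tries each stolen pair once or twice


def classify_sources(log_text):
    """Return {source_ip: (verdict, failures, distinct_accounts)} for noisy sources."""
    failures = defaultdict(Counter)  # ip -> Counter of usernames that failed
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and m["result"] == "FAIL":
            failures[m["ip"]][m["user"]] += 1

    verdicts = {}
    for ip, users in failures.items():
        total = sum(users.values())
        if total < MIN_FAILURES:
            continue  # a user mistyping a password, not an attack pattern
        if total / len(users) <= MAX_TRIES_PER_USER:
            verdict = "credential-stuffing"     # many accounts, few tries each
        else:
            verdict = "brute-force/dictionary"  # many tries against few accounts
        verdicts[ip] = (verdict, total, len(users))
    return verdicts
```

A botnet spreads its attempts over many source addresses, so the same ratio is also worth computing per network range or across the whole site.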

4. Hybrid attack

When users change their password, they’ll often add a few extra numbers, letters or
characters at the end. Hybrid attacks take advantage of this tendency.

Often, hybrid attacks are a mix of dictionary attacks and brute force. In this case, a bad actor
may get a user’s compromised password for one site. The user learns it has been
compromised and changes it. The attacker will now try out variations of the old password
using a brute force method that automates the additions of numbers, letters and more.

While this method is more time-consuming than a simple dictionary attack, it’s faster than a
brute-force attack.
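Dictionary and hybrid attacks both rely on predictable choices, so a password-change form can refuse exactly those choices: common words, and old passwords with a new suffix. The code below is an added example, not part of the original handout; the function names, the small deny list and the character substitutions are assumptions, and a real deployment would load a much larger list.

```python
import re

# Constructed deny list built from the examples in the text above.
DENY_LIST = {"password", "123abc", "yankeefan"}

# Trailing digits and symbols that users tend to append.
_SUFFIX = re.compile(r"[\d\W_]+$")

# Assumed set of common look-alike substitutions.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def candidates(password):
    """Normalised forms of a password: lower-cased, suffix removed, de-substituted."""
    lowered = password.lower()
    stripped = _SUFFIX.sub("", lowered)
    return {lowered, stripped, stripped.translate(LEET)} - {""}


def check_new_password(new, old=None, deny_list=DENY_LIST):
    """Return the reasons to reject a new password (empty list means accept)."""
    reasons = []
    new_forms = candidates(new)
    if new_forms & set(deny_list):
        reasons.append("based on a commonly used password")
    # 'old' is the current password the user typed on the change form.
    if old is not None and new_forms & candidates(old):
        reasons.append("variation of the previous password")
    return reasons
```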

5. Rainbow table attack

To keep passwords safe, any responsible organization that stores passwords won’t keep them
in their original plaintext form. Rather, they use a hashing algorithm to convert passwords
into a string of seemingly random letters and numbers. They might even hash this output a
second time in a process called “salting” to make the password even more difficult to crack.

But there are only a limited number of hashing algorithms. And they hash the same
passwords the same way every time. As a result, attackers can develop databases of common
passwords that they’ve been able to decode. Once they have deciphered a password, they
store it in a database called a rainbow table.

When an attacker gets a new hashed password, they check to see if it matches any of the
precomputed hashes stored in their rainbow table. The downside to rainbow tables is that they
take considerable time and effort to create. And they often don’t work on passwords that have
been salted.
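In common practice a salt is a random value generated for each stored password and mixed in before hashing, so identical passwords no longer produce identical digests and one precomputed table cannot cover them. The code below is an added example, not part of the original handout; the function names, the iteration count and the two-entry table are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; raise it as hardware improves


def unsalted_sha256(password):
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed stand-in for a precomputed table: digest -> password, built once
# and reusable against every database that stores unsalted hashes.
PRECOMPUTED = {unsalted_sha256(p): p for p in ("password", "123abc")}


def hash_password(password):
    """Salted, slow hash. Store salt, iteration count and digest together."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, ITERATIONS, digest


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def compare_storage(password="password"):
    """Store the same password for two users, unsalted and salted."""
    plain_a, plain_b = unsalted_sha256(password), unsalted_sha256(password)
    salted_a, salted_b = hash_password(password), hash_password(password)
    return {
        "unsalted_identical": plain_a == plain_b,
        "unsalted_in_table": plain_a in PRECOMPUTED,
        "salted_identical": salted_a[2] == salted_b[2],
    }
```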

Tips to protect your organization against password attacks

Safe passwords may seem like a trivial piece of your cybersecurity strategy. But passwords
are the most common way that cyber criminals gain unauthorized access to confidential data
and systems. That makes strong passwords essential to keeping your organization safe. All
types of businesses, organizations and institutions can benefit from these password best
practices:

• Create strong password policies. Users don’t typically have the best password
hygiene. Consider a password policy that requires a minimum passphrase length
(ideally greater than 20 characters), requires the use of special characters, and forces
users to reset their passwords regularly.
• Use multifactor authentication. When MFA is used, password cracking is mostly
neutralized (though a growing number of attacks employ MFA-bypass techniques).
An attacker might figure out a user’s password, but in many cases, they still won’t
have access to the secondary authentication method.
• Encrypt, hash and salt passwords. Both encrypting and hashing exponentially
increase the effort and the computing power that’s required for attacks. And salting
makes the process even harder.
• Update systems regularly. When systems aren’t updated, malware that tracks users’
keystrokes can infect emails, files and applications. In these so-called keystroke
attacks, bad actors gather user credentials and other sensitive information. Updated
systems can prevent these attacks.

By implementing these measures, organizations can effectively stop sensitive information
from ending up in the wrong hands.

The future of password security

There’s no doubt that passwords have security issues. That’s why the popularity of
password-less authentication is on the rise.

Password-less authentication is generally believed to be more secure than standard
passwords. It works by enabling users to prove they are who they say they are by matching
them with something unique to them, like their voice or a security token. These security
methods are commonly used with two-factor authentication (2FA). Here are a few examples:

• Biometrics. With this method, a user’s unique characteristics, like their fingerprint,
palmprint, voice or face, are saved and encrypted. When a user wants to log in, they verify
who they are by resubmitting their biometrics.
• Time-based one-time password (TOTP). This is a temporary passcode generated by an
algorithm. These codes are typically six characters long and change after 30 or 60 seconds.
Google Authenticator and Microsoft Authenticator are two good examples. In another
variation, the user scans a QR code using a specific smartphone application—and then that
app generates the TOTP for the user.
• One-time pin (OTP). When a user attempts to log in, an OTP—typically a six-digit code—is
sent to their cell phone number via short message service (SMS) or email. The user has a
limited amount of time to enter that code in the system. In another variation, a unique
hyperlink is sent to the user who then clicks that so-called magic link to log in.
• Push notifications. This method authenticates a user by sending a message to a secure
application on their mobile device. When the user gets the notification, they can approve or
deny access or view more details.

Password-less authentication is resistant to most password cracking methods. Plus, it alerts
users if something is wrong. The disadvantages are that it’s more complex and often requires
outside systems to function. So while the future of password security is moving towards
being more secure, it’s not necessarily more user-friendly.

How Proofpoint can help

Proofpoint TAP Account Takeover helps businesses defend their email and cloud
environments from threats, including:

• Brute-force attacks
• Phishing
• Business email compromise (BEC)
• Malware
• Data exfiltration
• Attackers’ persistent access

Our solution provides insight into what types of threats are targeting email accounts. And, if
an attacker manages to gain access to an account, it gives you the tools to take corrective
action to protect that account.

ASSIGNMENT:

Discuss the following:

1. Social Engineering Penetration Testing and security analysis
2. Internal and External Penetration testing and security analysis
3. Router Penetration testing and security analysis and Reporting and documentation
4. Operating systems fingerprinting
5. Remote network mapping
6. Software and operational vulnerabilities
7. Attack surface analysis
8. Fuzz testing
9. Patch management and security auditing
10. Summarize this handout in five (5) sentences
