6.8 Penetration Testing

Pen Testing for Trojans and Backdoors

  • Scan the system for open ports, running processes, registry entries, device drivers and services.
  • If any suspicious port, process, registry entry, device driver or service is discovered, check the associated executable files.
  • Collect more information about these from the publishers' websites, if available, and from the Internet.
  • Check whether the open ports are known to be used by Trojans in the wild.
  • Check the startup programs and determine if all the programs in the list can be recognized with known functionalities.
  • Check the data files for modification or manipulation by opening several files and comparing hash value of these files with a pre-computed hash.
  • Check for suspicious network activities such as upload of bulk files or unusually high traffic going to a particular web address.
  • Check critical OS files for modification or manipulation using tools such as Tripwire, or by manually comparing hash values if you have a backup copy.
  • Run an updated Trojan scanner from a reputed vendor to identify Trojans in the wild.
  • Document all your findings from the previous steps; it helps in determining the next action if Trojans are identified on the system.
  • Isolate the infected system from the network immediately to prevent further infection.
  • Sanitize the complete system for Trojans using an updated anti-virus.

Penetration Testing for Virus

  • Install an anti-virus program on the network infrastructure and on the end-user's system.
  • Update the anti-virus software so that its virus database includes the newly identified viruses.
  • Enable real-time scanning.
  • Scan the system for viruses; this helps to repair the damage or delete infected files.
  • Scan the system for running processes, registry entry changes, Windows services, startup programs, file and folder integrity, and OS file modification.
  • If any suspicious process, registry entry, startup program or service is discovered, check the associated executable files.
  • Collect more information about these from the publishers' websites, if available, and from the Internet.
  • Check the startup programs and determine if all the programs in the list can be recognized with known functionalities.
  • Check the data files for modification or manipulation by opening several files and comparing hash value of these files with a pre-computed hash.
  • Check critical OS files for modification or manipulation using tools such as Tripwire, or by manually comparing hash values if you have a backup copy.
  • If suspicious activity is found, isolate the infected system from the network immediately to prevent further infection.
  • Run the anti-virus in safe mode and, if any virus is detected, set the anti-virus to quarantine or delete the infected files.
  • Install another anti-virus and scan the system for viruses.
  • If a virus is found, set the anti-virus to quarantine or delete the infected files.
  • If no virus is found, format the system with a clean operating system copy.
  • Document all the findings in previous steps; it helps in determining the next action if viruses are identified in the system.
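Both checklists above rely on the same step: compare the hash of data files and critical OS files against a pre-computed hash taken from a known-good copy. The script below is an added example, not part of the original notes or of any vendor tool, showing how that baseline-and-compare step works end to end: it records SHA-256 hashes of every file under a directory, stores the baseline, and later reports files that were modified, removed, or newly added. The directory contents, file names and the "tampering" in `demo()` are constructed for illustration; on a real system you would point `build_baseline` at the directories you care about and keep the saved baseline on read-only or offline media, since a Trojan that can rewrite system files can also rewrite a baseline stored beside them.

```python
"""File-integrity baseline and comparison (added example, constructed data).

Mirrors the checklist step "compare hash values of files with a
pre-computed hash": hash every file once from a known-good state, store
the result, and re-hash later to find modified, missing and added files.
"""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large OS files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX style) to its SHA-256."""
    baseline: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def compare_to_baseline(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Re-hash the tree and classify every difference from the stored baseline."""
    current = build_baseline(root)
    return {
        # same path, different content: possible patching of a legitimate file
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        # file present at baseline time but gone now
        "missing": sorted(k for k in baseline if k not in current),
        # file that did not exist at baseline time: check its publisher and purpose
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Run the whole procedure on a constructed directory standing in for system files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "drivers").mkdir()
        # constructed sample "critical files" in a clean state
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "services.cfg").write_text("svc=ok\n")
        (root / "drivers" / "netdrv.sys").write_bytes(b"MZ constructed driver bytes")

        # 1. take the baseline from the known-good state and persist it
        baseline = build_baseline(root)
        stored = json.loads(json.dumps(baseline))  # round-trip as it would be on disk

        # 2. simulate later changes an integrity check should catch
        (root / "hosts").write_text("127.0.0.1 localhost\n198.51.100.7 example.test\n")
        (root / "services.cfg").unlink()
        (root / "drivers" / "unknown.sys").write_bytes(b"MZ unrecognised driver")

        # 3. compare the current state against the stored baseline
        return compare_to_baseline(root, stored)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

The report is the input to the "document all findings" step: every entry under `added` or `modified` is an executable or data file whose publisher and purpose should be confirmed before deciding whether to isolate the host.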
