Step 1: Formulating Your Plan
One slip can crash your systems — not necessarily what anyone wants. You need a detailed plan, but that doesn't mean you need volumes of testing procedures. A well-defined scope includes the following information:
● Specific systems to be tested: When selecting systems to test, start with the most critical systems and processes or the ones you suspect to be the most vulnerable. For instance, you can test computer passwords, an Internet-facing Web application, or attempt social engineering attacks before drilling down into all your systems.
● Risks involved: It pays to have a contingency plan for your ethical hacking process in case something goes awry. What if you're assessing your firewall or Web application and you take it down? This can cause system unavailability, which can reduce system performance or employee productivity. Even worse, it could cause loss of data integrity, loss of data itself, and even bad publicity. It'll most certainly tick off a person or two and make you look bad. Handle social engineering and DoS attacks carefully. Determine how they can affect the systems you're testing and your entire organization.
● When the tests will be performed and your overall timeline: Determining when the tests are performed is something that you must think long and hard about. Do you perform tests during normal business hours? How about late at night or early in the morning so that production systems aren't affected? Involve others to make sure they approve of your timing. The best approach is an unlimited attack, wherein any type of test is possible at any time of day. The bad guys aren't breaking into your systems within a limited scope, so why should you? Some exceptions to this approach are performing DoS attacks, social engineering, and physical security tests.
● How much knowledge of the systems you have before you start testing: You don't need extensive knowledge of the systems you're testing — just a basic understanding. This basic understanding helps protect you and the tested systems.
● What action will be taken when a major vulnerability is discovered: Don't stop after you find one security hole. This can lead to a false sense of security. Keep going to see what else you can discover. You don't have to keep hacking until the end of time or until you crash all your systems; simply pursue the path you're going down until you can't hack it any longer (pun intended). If you haven't found any vulnerabilities, you haven't looked hard enough.
● The specific deliverables: This includes security assessment reports and a higher-level report outlining the general vulnerabilities to be addressed, along with countermeasures that should be implemented.
Step 2: Do Some Recon
Find out what your target is doing. What are you up against? Size up your opponent (or rather, the target system) before you launch your attack. You can do some reconnaissance work by analyzing the network traffic of the target.
Step 3: Launch the Attack
1. Search the Internet for your organization's name, your computer and network system names, and your IP addresses.
2. Narrow your scope, targeting the specific systems you're testing. Whether you're assessing physical security structures or Web applications, a casual assessment can turn up a lot of information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual scans and other detailed tests to uncover vulnerabilities on your systems.
4. Perform the attacks and exploit any vulnerabilities you've found, if that's what you choose to do.
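Before any of the four steps above is launched, the plan from Step 1 should be enforced, not just written down. The following is an added example (not code from the original article) of a small scope gate that checks a target against the approved systems list, requires explicit sign-off for the test types the plan singles out (DoS, social engineering, physical), and confines those to an approved time window; the scope values are constructed sample data.

```python
# Added example: enforce the engagement plan before a test is launched.
import ipaddress
from dataclasses import dataclass, field

# Test types the plan treats as exceptions to "any test at any time of day".
RESTRICTED_TESTS = {"dos", "social_engineering", "physical"}


@dataclass
class EngagementScope:
    # Hypothetical scope definition; fields mirror the plan items above.
    networks: list                         # CIDR strings of systems approved for testing
    restricted_windows: dict               # test type -> (start_hour, end_hour), 24h clock
    approved_restricted: set = field(default_factory=set)  # restricted types signed off

    def check(self, target: str, test_type: str, hour: int):
        """Return (allowed, reason). Any False result means: do not launch the test."""
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            return False, f"{target!r} is not an IP address; resolve it and re-check"
        if not any(ip in ipaddress.ip_network(n) for n in self.networks):
            return False, f"{target} is outside the approved systems list"
        if test_type in RESTRICTED_TESTS:
            if test_type not in self.approved_restricted:
                return False, f"{test_type} needs explicit sign-off in the plan"
            start, end = self.restricted_windows.get(test_type, (0, 24))
            if not start <= hour < end:
                return False, f"{test_type} is only approved from {start:02d}:00 to {end:02d}:00"
        return True, "in scope"


# Constructed sample scope (RFC 5737 documentation ranges, not real systems).
SAMPLE_SCOPE = EngagementScope(
    networks=["192.0.2.0/24", "198.51.100.0/25"],
    restricted_windows={"dos": (1, 5)},   # DoS tests only between 01:00 and 05:00
    approved_restricted={"dos"},          # social engineering was not signed off
)

if __name__ == "__main__":
    for target, kind, hour in [
        ("192.0.2.10", "web_app_scan", 14),
        ("192.0.2.10", "dos", 14),
        ("192.0.2.10", "dos", 2),
        ("203.0.113.5", "password_audit", 9),
        ("192.0.2.20", "social_engineering", 9),
    ]:
        print(target, kind, hour, SAMPLE_SCOPE.check(target, kind, hour))
```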
Step 4: Evaluate the Results
Step 5: Source
● Dummies.com (for some additional side information).