All language subtitles for 008 Validating the Scope (OBJ 1.2)

Speaker: Once the rules of engagement have been agreed upon, the type of assessment and strategy chosen and the scope has been defined and identified, it's now time to validate the scope of the engagement with the client. Validating the scope of the engagement involves confirming all of the requirements, the scope and the details of the engagement before you gain final approval and permission to move into the next phase and conduct information gathering and vulnerability scanning.

Your penetration testing team should always ensure that the target organization has a good set of system backups and recovery procedures as well. This way, you can ensure that if something goes very wrong during the engagement, a partial or full recovery can be performed to restore operations. During the validation of the scope, your team should also verify that they know who to contact within the client organization if something goes wrong, something needs to be deconflicted, or if they discover an exceptionally high-risk vulnerability.

When you're validating the scope of the engagement with the client, you should also review all of the key areas from the statement of work and the rules of engagement to ensure that there are no areas of confusion. This will include a thorough review of several items including the scope and the in-scope target assets, what is excluded from the scope and what's considered out of bounds, what strategy will be used such as an unknown, partially known or known environment test, what the timeline will be for any testing, as well as any constraints placed upon your working hours, any restrictions or applicable laws that will apply to this engagement as well as any third-party service providers, services or off-site locations that are being considered. And finally, the proper communication channels to use during the assessment in order to provide updates to key stakeholders.

Now, once we have our discussion with the organization, we're going to find that certain applications, systems, networks and even users may be placed on the allowed or excluded target list for the engagement. Now, an allowed list contains a list of authorized targets while an excluded list contains a list of unauthorized targets that we can't go after during our engagement.

Many organizations have numerous boundary defenses such as unified threat management systems, firewalls, intrusion prevention systems that could block your access from the internet when you're conducting a penetration test. These systems are most commonly used to allow or prevent outsiders from accessing the network and operate by listing the IP addresses or ports in the access control list as either permitted allowed or denied.

Now, depending on the scope of your assessment, your target organization may allow your penetration testing system to be placed into an allow list to bypass some or all of these boundary defenses. For example, if the organization wants you to conduct an internal assessment, they might allow you to have a VPN connection directly into their network by placing you into an allow list in order to simulate what an insider threat or authorized user might be able to accomplish during an attack.

On the other hand, the organization may be more interested in seeing if you're able to bypass their external firewalls and their intrusion prevention systems during an external assessment. In this case, they're not going to add our systems to their allow list or allow us to bypass them directly and instead they'll make us work for it.

Another concern is that if the organization's network defenders catch your penetration testing team during your assessment, they could add your systems to their block list and effectively block us from directly accessing their systems anymore. This could require us to find a new way to bypass their boundary defenses in order to break into that network. Now, if time is running out during your assessment, you may need to talk with a trusted agent within the organization to have them unblock your systems or even add you to the allow list within the boundary device so that you can continue to meet the other objectives of the penetration test if those boundary devices are becoming too difficult to bypass or exploit.

This should be accounted for during your planning for the engagement by thinking about possible security exceptions that you may need to ask for as a contingency. Many organizations have a lot of different security devices on their networks, including intrusion prevention systems, web application firewalls, network access control systems, certificate pinning, and company policies. Depending on which policies and systems are being utilized, the penetration tester may need to ask for an exception to be allowed into one of those systems to be able to conduct their penetration test and be able to connect fully to that network.

For example, maybe the penetration tester was hired to test the application behind the web application firewall and not the firewall itself. In this case, adding an exception to the web application firewall to allow them to bypass it would become a reasonable request.

Finally, you need to realize that some networks, as part of their network access control or NAC, do require a digital certificate to be installed on the network device prior to it being able to connect to the network. We call this certificate pinning. Now, if they do, you may need to ask the organization to provide you with an exception to their certificate pinning policy, in which case the organization could provide you, as the PenTester, an authorized digital certificate for your workstation in order for you to connect to their network without tripping their NAC sensors. Again, it depends on what they're trying to focus on during this engagement. If they're not trying to test the NAC sensor, it'll be okay to bypass it.

Now, as with a lot of things in the planning and scoping stages, there really is no right or wrong answer here, other than what you have negotiated and agreed upon between your penetration testing team and your client organization.
