Question

please briefly describe the three layer model of penetration studies

Answer 1

`Hey,

Note: Brother if you have any queries related the answer please do comment. I would be very happy to resolve all your queries.

1. External attacker with no knowledge of the system.

At this level the testers know that the target system exists and have enough information to identify it once they reach it. They must determine how to access the system. This layer is usually an exercise in social engineering and/or persistence because the testers try to trick the information out of the entity or simple dial telephone numbers or search network address spaces until they stumble upon the system. This type of testing tells very little about the security of the system itself.

2. External attacker with access to the system

At this level, the testers have access to the system and can proceed to log in or to invoke network services available to all hosts on the network. They must then launch their attack. Typically, this step involves accessing an account from which the testers can achieve their goal or using a network service that can give them access to the system or possibly directly achieve their goal. Common forms of attack at this stage are guessing passwords, looking for unprotected accounts, and attacking network servers. Implementation flaws in servers often provide the desired access.

3. Internal attacker with access to the system.

At this level, the testers have an account on the system and can act as authorized users of the system. The test typically involves gaining unauthorized privileges or information. At this stage, the testers acquire a good knowledge of the target system, its design, and its operation. Attacks are developed on the basis of this knowledge and access

Kindly revert for any queries

Thanks.