ISSN: 2321-8169
Volume: 3 Issue: 8
5297 - 5302
___________________________________________________________________________________________________________________
Abstract- The dependence of organizations on networks and the Internet for efficient operations and services to customers has made network security
a vital issue. In the present paper, penetration testing methods and technologies are first surveyed and then analyzed in a real-world
context. Penetration testing has been performed on a mid/large corporate organization, pointing to certain conflicts in the requirements of testing. The
paper also discusses today's processes and methodologies, which undergo continuous change due to rapid technological
developments. Some complications in penetration testing are highlighted, and the requirements for adopting the technique in a modified
way are discussed. The paper further describes the different phases of penetration testing, and we propose a new
methodology that is able to resolve the shortcomings of the existing one.
Keywords: Penetration, Network Security, Gray box, White box, Black box, Vulnerability Scanning.
__________________________________________________*****_________________________________________________
I. INTRODUCTION
IJRITCC | August 2015, Available @ http://www.ijritcc.org
______________________________________________________________________________
V.
Types of test

1. Penetration Testing
(a) Traditional penetration testing
Strength: Its major focus is in verifying technical vulnerabilities by using various methodologies and tools. It not only verifies the vulnerability but also explains how these vulnerabilities can gain enormous access.
Weakness: It is very labour intensive and requires great proficiency. Having proper set of tools is very complex and expensive.
(b) Risk based penetration testing
Strength: It requires both technical and professional knowledge but mainly concerns with professional risks. It works under critical situation of corporate and application.
Weakness: Usually insider works because persons must have knowledge and skills of corporate process. It is essential to understand the rules and regulations of corresponding body.

2. Network Scanning
Strength: It is faster than vulnerability and penetration testing and highly automated. It effectively scans the number of hosts in the network with minimum cost.
Weakness: It is used in preceding part of penetration testing and not executed as final test. It involves expertise skills to execute result.

3. Vulnerability Scanning
Strength: It is highly automated but speed depends on the number of hosts scanned. It not only identifies but also provides solution for mitigating known vulnerabilities and on regular basis.
Weakness: Sometimes identify only exterior vulnerabilities and is often unable to detect recent vulnerability. Generally identified by IDS, firewall or even end users and as such is not able to maintain secrecy.
______________________________________________________________________________
Benefits
Penetration testing has become a very important part of
evaluating and ameliorating the security of an organization's
or system's network. The focus of pen testing is to improve
the security of a network by seeking to compromise that system
using techniques used by an attacker. Vulnerability scanning
and pen testing are often confused. A
vulnerability scan determines the faults or problems which
may already exist, whereas a pen test evaluates the system against a real
attack. A penetration test is active: it attacks a system
and evaluates its readiness. A vulnerability scan, on the other hand,
is passive: it does not identify the significance of an
intrusion and only lists the potential vulnerabilities.
Penetration testing is an authorized way to break the
architecture of a system using an attacker's techniques.
Challenges
Although many challenges offer a good opportunity to find
better solutions that overcome them and
achieve better quality, the major challenges of penetration testing
in today's scenario are as follows:
Limited time pressure- In penetration testing it takes
time to find the vulnerabilities in a network and to patch them.
______________________________________________________________________________
[Figure: Network penetration testing architecture. Flowchart with the steps "Collecting information/data about target system and network" and "Exposure identification", a Yes/No decision, and "Dispose up".]
______________________________________________________________________________