Penetration Testing

  • Published : November 18, 2010
“PENETRATION TESTING”

Manish Bisore, Raghevendra Shukla, Fiona Lawrence OIST BHOPAL, First-Third University
Thakral Nagar, Risen Road INDIA
manishbisore@gmail.com
raghvendra34@yahoo.com
fiona_altruist@rediffmail.com

Abstract— In spite of the undeniable progress in the field of network security, a system is still not secure from outside attacks or inside attacks. Many systems use an authentication model as a first line of defense, yet they are still penetrated. Hence there should exist other measures capable of identifying security breaches, or recognizing any events that are indicative of a pre-attack scenario, and reporting these events to the system security officer. The terms network security and information security refer in a broad sense to confidence that information and services available on a network cannot be accessed by unauthorized users. Security implies safety, including assurance of data integrity, freedom from unauthorized access to computational resources, freedom from snooping and freedom from disruption of service. Information security encompasses many aspects of protection, such as confidentiality, integrity and availability of data. In computer security, the word vulnerability refers to a weakness in a system that allows an attacker to violate the confidentiality, integrity, availability, access control, consistency or audit mechanisms of the system or of the data and applications it hosts. Vulnerabilities may result from bugs or design flaws in the system. A vulnerability may exist only in theory, or may have a known exploit.
Vulnerabilities are of significant interest when the program containing the vulnerability operates with special privileges, performs authentication or provides easy access to user data or facilities (such as a network server or RDBMS). In this paper we describe the reasons why organizations choose to perform a penetration test. They range from technical to commercial: identifying the threats facing your organization’s information assets; reducing your organization’s IT security costs and providing a better return on IT security investment (ROSI) by identifying and resolving vulnerabilities and weaknesses; providing your organization with assurance - a thorough and comprehensive assessment of organizational security covering policy, procedure, design and implementation; gaining and maintaining certification to an industry regulation (BS7799, HIPAA etc.); and adopting best practice by conforming to legal and industry regulations.

Introduction

A penetration test is the process of actively evaluating your information security measures. There are a number of ways that this can be undertaken, but the most common procedure is that the security measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities; the results are then delivered comprehensively in a report, to Executive, Management and Technical audiences.

There are several reasons why organizations choose to perform a penetration test; they range from technical to commercial but the most common are:

➢ Identify the threats facing your organization’s information assets so that you can quantify your information risk and provide adequate information security expenditure.
➢ Reduce your organization’s IT security costs and provide a better return on IT security investment (ROSI) by identifying and resolving vulnerabilities and weaknesses. These may be known vulnerabilities in the underlying technologies or weaknesses in the design or implementation.
➢ Provide your organization with assurance - a thorough and comprehensive assessment of organizational security covering policy, procedure, design and implementation.
➢ Gain and maintain certification to an industry regulation (BS7799, HIPAA etc.).
➢ Adopt best practice by conforming to legal and industry regulations.

Types of tests:...