Case Study

Case Study

Introduction

By using public networks, public authorities and businesses are exposed to several security risks. Private and public entities have little or no control over the complex communication structures of networks. The security of systems which are connected to public networks can get compromised by anonymous and unauthorized attempts to access them (Federal Office for Information Security, n.d.). Such a situation calls for test methods to be devised from the viewpoint of the attacker to make sure that conditions of test are as close to reality as possible. In technical words, a penetration test is the controlled attempt at penetrating a network or computer system from outside for detecting vulnerabilities and threats. It has the ability to show to what degree IT systems' security is vulnerable to attacks by crackers, hackers and so forth. It also shows whether the security measures employed are sufficiently capable of ensuring fool proof IT network security or not.

Penetration testing employs the similar types of techniques to those that are used in a realistic attack. The test report outlines various procedural and technical measures which can be implemented for mitigating the threats. Appropriate measures are then taken in order to eradicate the threats before third parties exploit them. The test is required to be conducted in an appropriate manner so that it minimizes the effect the test has on the back up devices and systems and the production environments. In 1995, penetration test and methods used for the purpose of testing were devised when the first vulnerability scanner 'SATAN' which was UNIX-based got introduced. In those days, this program was the first tool which scanned computers automatically for identification of threats (Federal Office for Information Security, n.d.).

Overview of technical approach to conducting the test (high level methodology)

An external penetration test will be used for carrying out the process of testing the network. The testing team members will be required to collection details of each device in order to understand the devices thoroughly before the execution of attacks on the network. The details gathered will be utilized for testing devices. External method is necessary to be employed in order to identify the exposure of the servers and devices of the network from the outside. Various tools will be utilized by the members of the team in order to collect information such as ip2 country, trace route, impact PRO's and Neotrace Network penetration tools.

Detailed penetration testing (hacking) process

In this system, routers, database systems, mail servers, firewalls, and DNS server will be tested by external as well as internal testing teams. External testing will be carried out from a PC system to find out whether internet obstacles such as routers and firewalls can be subjugated from the internet. The company will be needed to maintain its configuration of networks as the testing team makes efforts to access routers and firewalls (Verisign, 2004). The team will execute external scanning of the network in order to find out the extent of vulnerability.

Attacks to be used

Testing of firewall will be ...