Page 193 - ICDEBI2018
P. 193
I International Journal of Trend in Scientific Research and Development (IJTSRD) ISSN: 2456International Journal of Trend in Scientific Research and Development (IJTSRD) ISSN: 2456nternational Journal of Trend in Scientific Research and Development (IJTSRD) ISSN: 2456-6470 | IF: 4.101
level, after all placed outside the firewall. This level, after all placed outside the firewall. This 2. White Box – This check is termed complete This check is termed complete
will increase the surface of attack. Such will increase the surface of attack. Such know-ledge testing. Testers area unit given full ledge testing. Testers area unit given full
infrastructure has to be assessed often for security infrastructure has to be assessed often for security i info concerning the target network nfo concerning the target network
threats.
2. Identification of what form of resources area unit Identification of what form of resources area unit T
The information will be the host science he information will be the host science
addresses, Domains in hand by the company, ddresses, Domains in hand by the company,
exposed to the outer world, determinant texposed to the outer world, determinant the safety a
risk involved in it, detective work the attainable risk involved in it, detective work the attainable A
Applications and their versions, Nepplications and their versions, Network
sorts of attacks and preventing those attacks.sorts of attacks and preventing those attacks. diagrams, security defencesdefences like IPS or IDS within
the network.
1.2 advantages of Penetration Testingadvantages of Penetration Testing 3. Grey Box – The tester simulates an enclosed The tester simulates an enclosed
1. Proactive identification of the criticality of the Proactive identification of the criticality of the e
employee. The tester is given AN account on the mployee. The tester is given AN account on the
i
vulnerabilities and false positives given by the vulnerabilities and false positives given by the internal network and commonplace access to the nternal network and commonplace access to the
network. This check assesses internal threats fetwork. This check assesses internal threats from
auto-mated scanners. This helps in prioritizing the ed scanners. This helps in prioritizing the n
workers at intervals the corporate.orkers at intervals the corporate.
remedy action, whether or not the vulnerability is remedy action, whether or not the vulnerability is w
to be patched straightaway or not supported the to be patched straightaway or not supported the
I
TESTING ESTING
criticality. 2. STEPS EPS IN N PENETRATION ENETRATION T
P
2. Penetration testing helps compliant the audit Penetration testing helps compliant the audit METHODOLOGY
regulatory standards like PCI DSS, HIPAA and regulatory standards like PCI DSS, HIPAA and 2.1 Preparation for a Network Penetration checkPreparation for a Network Penetration check
GLBA. This avoids the massive fines for nons avoids the massive fines for non- To carry out a thorough penetration testing and create thorough penetration testing and create
compliance. i it a hit, there ought to be a correct goal outlined for a t a hit, there ought to be a correct goal outlined for a
3. A security breach might value heavily to associate A security breach might value heavily to associate penetration tester. A gathering between the gathering between the
degree organization. There could also be a degree organization. There could also be a penetration checker and also the organization which penetration checker and also the organization which
network period resulting in an important business network period resulting in an important business needs a penetration test should be command. The needs a penetration test should be command. The
loss. Penetration testing helps in avoiding these loss. Penetration testing helps in avoiding these meeting ought to clearly outline the scope and also the to clearly outline the scope and also the
monetary falls by distinguishing and adby distinguishing and ad-dressing goal of the check. The network Diagram should be goal of the check. The network Diagram should be
provided to the Pen tester* just in case of a white box rovided to the Pen tester* just in case of a white box
the risks. [4] p
penetration testing to spot all the crucial devices that enetration testing to spot all the crucial devices that
p
Depending on the requirements, there are a unit 2 Depending on the requirements, there are a unit 2 need penetration testing to be done, this is often need penetration testing to be done, this is often not
sorts of penetration testing. needed just in case of a recording machine check.eeded just in case of a recording machine check.
n
1. External Penetration check – This check shows This check shows
what a hacker will see into the network and what a hacker will see into the network and Another vital agenda of the meeting ought to be the Another vital agenda of the meeting ought to be the
exploits the vulnerabilities seen over the net. Here over the net. Here time window and also the period of the check. The time window and also the period of the check. The
the threat is from associate degree external the threat is from associate degree external organization should clearly outline the time window organization should clearly outline the time window
network from web. This check is performed over network from web. This check is performed over which can be its non-business hours. business hours. This is often to
the net, bypassing the firewall. make sure that the Pen tester isn't interrupted and ake sure that the Pen tester isn't interrupted and
m
2. Internal Penetration check – This check shows This check shows conjointly the business of the organization is conjointly the business of the organization is
risks from at intervals the network. for instance, risks from at intervals the network. for instance, unaffected. Thanks to the weird traffic usage by the to the weird traffic usage by the
what threat an interior discontented worker will interior discontented worker will pen check might cause network congestion or might pen check might cause network congestion or might
cause to the network. This check is performed by cause to the network. This check is performed by bring down the network by blinking the sybring down the network by blinking the systems. for
connecting to the interior local area network.connecting to the interior local area network. example, a Denial –Of- Service check meted out on a Service check meted out on a
web payment entry might cause the disruption within eb payment entry might cause the disruption within
w
Depending on the data, there are a unit 3 sorts of Depending on the data, there are a unit 3 sorts of the network and inflicting inconvenience to the the network and inflicting inconvenience to the
penetration testing, Black box, White box and grey penetration testing, Black box, White box and grey purchasers purchasers thereby hereby acquisition cquisition loss oss t to o t the he
t
a
l
box. [6] organization.
1. Recorder – This check is administrated with zero is check is administrated with zero
data concerning the network. The tester is needed data concerning the network. The tester is needed Pen checker ought to ensure that anPen checker ought to ensure that any data or
to accumulate data victimization penetration to accumulate data victimization penetration knowledge obtained throughout the test ought to be knowledge obtained throughout the test ought to be
testing tools or social engineering techniques. The testing tools or social engineering techniques. The either destroyed or unbroken confidential. this is often either destroyed or unbroken confidential. this is often
in public offered info over web could also be in public offered info over web could also be a awfully vital precaution to be taken. The a awfully vital precaution to be taken. The
o
employed by the penetration tester. organization will sue the pen testers otherwise.rganization will sue the pen testers otherwise.
@ IJTSRD | Available Online @ www.ijtsrd.comwww.ijtsrd.com | Conference Issue: ICDEBI-2018 | | Oct 2018 Page: 185
