Penetration Testing After A New Security System Is Implemented


Any time a new security system is implemented, it needs to be tested thoroughly. Penetration testing is part of the testing performed to ensure that the new or proposed system meets the goals set forth by the organization. Penetration testing involves security professionals simulating “attacks by a malicious external source” (Whitman & Mattord, 2012, p. 551). These tests allow the security professionals to determine points of failure that may not have been identified in vulnerability testing, as well as the criticality of the items identified in the vulnerability tests. The tests can be performed in one of two ways: with or without knowledge of the organization’s information technology infrastructure. These two approaches are known as white-box (with knowledge) and black-box (without knowledge) tests (Whitman & Mattord, 2012). Penetration testing can also refer to the probing and breaching of physical security in a test situation. A considerable body of literature has been written on penetration testing, primarily discussing methods for performing these tests. Some literature deals with new methods of testing that yield the largest amount of data regarding security flaws, while other papers discuss how to perform penetration testing with the least impact on the organization as a whole.

In their 2010 paper for the Annual Computer Security Applications Conference, Dimkov and associates discussed how to perform physical penetration testing using social engineering. They recognized that certain social engineering scenarios used in physical penetration testing can cause problems within the organization that result in lost time or resources. To avoid this, they proposed two methodologies that use social engineering to perform these physical penetration tests. The first is known as the “Environment-Focused Method” (Dimkov, van Cleeff, Pieters, & Hartel, 2010). In this method, the custodian of the asset to be procured by the penetration tester is completely aware of the penetration test. However, standard employees are unaware of the test and become a functional part of it. The custodian monitors the asset in a way that respects the privacy of all employees in the environment being tested, and provides a target asset that will not disrupt organizational function. The penetration tester provides an attack scenario to the security officer and the asset custodian for approval before commencing the attack. During the attack, the tester and target asset are monitored closely by these individuals (Dimkov, van Cleeff, Pieters, & Hartel, 2010).

Dimkov and associates’ second methodology, called the “Custodian-Focused Method” (Dimkov, van Cleeff, Pieters, & Hartel, 2010), expands upon the previous method by leaving the custodian out of the loop. In this method the asset custodian and surrounding employees are completely unaware of the...
