See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/349077887

Penetration Testing and Vulnerability Assessment

Article · August 2017

6 authors, including: Irfan Yaqoob (Clarkson University), Nouman Naseer (University of Stavanger), Anees Ur Rehman (Bahria University Karachi Campus)

All content following this page was uploaded by Irfan Yaqoob on 06 February 2021.


Journal of Network Communications and Emerging Technologies (JNCET) www.jncet.org
Volume 7, Issue 8, August (2017)

Penetration Testing and Vulnerability Assessment

Irfan Yaqoob 1, Syed Adil Hussain 2, Saqib Mamoon 3, Nouman Naseer 4, Jazeb Akram 5, Anees ur Rehman 6
1, 2, 3, 4, 5 University of the Punjab, Jhelum Campus, Pakistan
6 University of Engineering and Technology, Lahore, Pakistan

Abstract – The main objective of this research paper is to identify common network threats and define countermeasures to prevent them. In this modern era everyone uses the facilities of the internet, and security is one of the major issues everyone faces. Every day professional hackers break security and take advantage of vulnerabilities to access top-secret and confidential data. To counter these threats we propose a solution named vulnerability assessment and penetration testing (VAPT). Through this technique the CIA principles are achieved; CIA stands for Confidentiality, Integrity and Availability, and all three goals refer to keeping your data secure and out of the wrong hands. Confidentiality refers to keeping data out of reach of unauthorized persons, integrity means that data must not be altered in case of unauthorized access, and availability refers to the concept of high availability, i.e. data is available to all users when needed. So in vulnerability assessment we find the weak points of the system, and in penetration testing we propose how to keep our system secure from hackers and stop possible attacks. This paper gives the best overview of VAPT and describes the different processes and methodologies of Vulnerability Assessment and Penetration Testing.

Index Terms – Vulnerability assessment, DDoS, ARP, SQL, DNS, Spoofing, Asset, Capabilities, Penetration Testing, Web Server, DHCP Server, Mailing Server, External Penetration Testing, Internal Penetration Testing, Black Box Testing, White Box Testing, Gray Box Testing, Virus, Trojan Horse, Worm, Privilege Escalation, Network Security.

1. INTRODUCTION

Vulnerability assessment, also known as vulnerability analysis, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a communication infrastructure, network, or computer. In this paper we discuss different important concepts of information technology along with the common network attacks and the vulnerabilities through which attacks exploit systems. This report also covers penetration testing: the procedures a penetration test undergoes, the scope of a pen-test, pen-test approaches, models and techniques, formal and standard pen-test report formats, a case study, and countermeasures to cover the vulnerabilities in a pen-test report are all parts of this report.

This paper is divided into various sections. In sections II, III and IV the author describes what vulnerabilities are and why vulnerability assessment is needed; in sections V and VI the network vulnerabilities and the threats to vulnerable networks are described. Sections IX to XVII detail the different types of pen-testing, black box testing, white box testing and gray box testing; XIX is the last section, where the author concludes the paper with the complete details of the work on vulnerability assessment and penetration testing.

2. VULNERABILITY

A vulnerability in network security is defined as a flaw or weakness in the network or system through which an attacker can get into our network or system to exploit it. A network or system containing these vulnerabilities is called a vulnerable network or vulnerable system. The more vulnerable the network system is, the greater the threat of exploitation. Because of these vulnerabilities, numbers of systems are exploited each year.

A vulnerable network or system may be compromised by different attacks like DDoS, DNS spoofing, DHCP snooping, ARP poisoning, man-in-the-middle, Smurf attacks, buffer overflow, SQL injection and many other cyber-attacks, along with a number of malicious programs including viruses, Trojan horses, worms, malware and rootkits. These vulnerabilities are due to weak passwords, software bugs, non-patching of software and operating systems, script code injection points, etc.

3. VULNERABILITY ASSESSMENT

Vulnerability Assessment (VA), or Vulnerability Analysis, is the process of scanning a system, software or a network to find the flaws and weaknesses in it. It also includes a series of systematic measures used to review and prioritize security vulnerabilities in a network, communication system or any application service. Vulnerability assessment helps businesses determine the security posture of the environment and the level of exposure to threats.

Vulnerability assessment plays a vital role in every type of computer application, system and infrastructure. Any system which is providing any kind of computing services may contain

ISSN: 2395-5317 ©EverScience Publications 10

vulnerabilities, so a VA test plays a vital role for every kind of computer application. In computer networks and communications our information travels outside our computers, so the presence of vulnerabilities may allow our whole network to be exploited. Vulnerability assessment is more effective if we perform the following steps:

o Classification of assets, capabilities and resources.
o Assigning values and significance to these resources.
o Identifying vulnerabilities and potential threats to each resource.
o Mitigating and eliminating the most serious vulnerabilities for the most important assets, resources and capabilities.
o Repeating steps 1 to 4 in the same order after a prescribed time frame.

The vulnerability assessment process should be performed at fixed time intervals (in general on a quarterly basis). In this way the project team can easily and promptly detect any vulnerability that occurs in the network system. A VA can be a single scan or a combination of automated and manual scans of the IT/network infrastructure; without a VA there is a risk that the network is not secured, which may result in serious exploits.

4. WHY VULNERABILITY ASSESSMENT?

The main objective of any organization is to make profits in line with its vision and goals, so organizations have the opportunity to deploy information technology infrastructures. After deployment of the information technology infrastructure, the main aim of any organization is to protect its communication network and secure its confidential information from unauthorized access.

Therefore a vulnerability assessment is performed to find the weaknesses and flaws in a system. The objectives of a vulnerability assessment may include system accreditation, risk assessment, network auditing, compliance checking and continuous monitoring. The major causes of vulnerabilities are weak passwords, flaws in systems, faulty and inappropriate configuration, and human errors such as inappropriate permissions assigned to users, inappropriate network design and devices, and the like. Some business standards institutions like PCI-DSS require organizations to perform vulnerability assessments on their networks or systems.

5. COMMON NETWORK VULNERABILITIES

Networks and communication setups are designed to convey our information and data between devices, so our data or information has to travel outside devices like computers, tablets and mobile phones. Data and information are under greater threat of being compromised when they are outside our computers. Data and information may pass over a wired or a wireless medium. Vulnerabilities in our networks invite attackers into our communication systems to exploit them. The major network vulnerabilities from typical reviews are listed here.

o Missing patches

Security patches are software that system developers provide from time to time after continuous research on the operating systems or software they provide to end users. These patches must be installed on operating systems, as they cover vulnerabilities in the system. Not every patch is needed, but recommended patches must be installed on core operating systems such as servers to cover the related vulnerabilities. For example, installation of the security updates provided by Microsoft may cover a possible vulnerability present in a web server.

o Weak or default passwords

Many systems like domain systems, database systems, routers, switches, firewalls, IDS/IPS, web applications along with web servers, and other systems like these are configured with weak or default passwords. These passwords can easily be guessed and cracked. For this reason strong passwords are recommended, and default passwords should not be kept. For example, if we purchase a D-Link wireless access point for home use, it comes configured with the default username "admin" and default password "admin". Any attacker has easy access to our wireless network through such password schemes. So passwords must be changed and must be complex, so that a hacker cannot access our system.

o Misconfigured firewall rules

A firewall is the best tool for preventing unauthorized access, so that malicious activities are not easily performed, but sometimes misconfiguration of the firewall leads to vulnerabilities. The rules may contain serious weaknesses that allow unauthorized access to network systems. So firewalls should be configured according to proper standards; OWASP has defined good policies for firewall configuration as well.

o Mobile devices

The use of mobile devices like laptops, tablets and PDAs represents one of the most serious risks of our network infrastructure being hacked. Almost all mobile devices store cookies, web passwords, cached passwords and emails containing sensitive data, which becomes a big vulnerability when these devices are connected to corporate networks.

o USB flash drives

The use of USB devices is a common pattern. These devices may contain passwords and other sensitive information; if stolen or misplaced they can put us in serious danger, because they contain our confidential data. There is also a greater chance that these devices carry viruses and worms, which affect our security defences.

Other vulnerabilities include authentication bypass, plaintext passwords, wireless key enumeration, privilege escalation, gaining access, buffer overflow, remote command execution, and cryptographic vulnerabilities such as weak encryption algorithms and keys. These loopholes must be covered to ensure security.

6. THREATS TO VULNERABLE NETWORKS

A network system having vulnerabilities may bring a great number of network threats. These threats include malware, viruses, worms, payloads, Trojan horses, spyware, rootkits, port scanning, social engineering, MAC address spoofing, DoS and DDoS attacks and ARP poisoning attacks. These threats can also be categorized as untrusted threats, structured threats, external threats and internal threats, along with a vast number of other cyber-attacks. Every attack has its own potential against networks. These attacks can take place due to the presence of vulnerabilities in the network or the telecommunication systems.

7. VULNERABILITY MANAGEMENT LIFE CYCLE

Vulnerability management consists of the processes named Discover, Prioritize Assets, Assess, Report, Remediate, and Verify that vulnerabilities have been eliminated.

Fig: Vulnerabilities Management Life Cycle [5]

These steps are further elaborated below.

Discover: Keep a proper record of network assets, operating systems and other devices, and list all vulnerabilities on a regular schedule.

Prioritize: Categorize and assign values to those assets according to their importance and need in business operations.

Assess: Determine a major and basic risk profile based on asset priority, risk and vulnerabilities.

Report: Measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities.

Remediate: Fix vulnerabilities according to business risk. Enable access controls and cover weaknesses and flaws in network systems.

Verify: Check whether the vulnerabilities that were discovered have been eliminated. This may be carried out by security audits.

8. PENETRATION TESTING (PEN-TESTING)

Penetration testing, or simply pen-testing or security testing, also known as ethical hacking, is the technique used to discover vulnerabilities in a network system before an attacker exploits them. It is the act of gaining access to network or system resources without knowledge of user credentials like usernames and passwords. A penetration testing report presents the evidence that vulnerabilities are present in your network or system through which penetration is possible. Moreover, a penetration test report is able to present the proactive and remedial measures that protect your network and enhance the comprehensive defensive strategy. The penetration test report also depicts the satisfactory security approaches adopted by our security professionals. These test reports are also often required by security agencies, law-and-order agencies, information systems auditors and other stakeholders.

It is significant to note that it is unlikely that a pen-tester will uncover all vulnerabilities in one pen-test report. For example, if a pen-tester generates a report today, it is obvious that it may no longer be valid after one month, because after approval of the pen-test report by the owner the system may have been patched with new updates, which may introduce a vulnerability into some web server that was considered secure in the last pen-test report. So, to maintain a secure infrastructure, constant vigilance is considered necessary.

9. PEN-TESTING vs VA

In general people believe that penetration testing and vulnerability assessment are the same term, but in fact these two terminologies differ to some extent. Vulnerability assessment is defined as identifying weaknesses of the system automatically via software rather than manually, whereas penetration testing mainly refers to a form of stress testing which exposes weaknesses in a vulnerable network and sets standards to cover these vulnerabilities in the network. The vulnerability assessment process stops just before the system is compromised, whereas penetration testing breaks in as far as the scope of the agreement allows.
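To make the assessment steps of section 3 and the Discover/Prioritize/Assess/Report/Remediate/Verify cycle of section 7 concrete, the following is an added example (not code from the paper or its authors) that runs the cycle over a constructed inventory and checks for three of the common vulnerabilities listed in section 5: default credentials, missing patches and permissive firewall rules. The asset records, the default-credential list, the "recommended patch level" table, the firewall rules and the 90-day re-assessment interval are all assumptions constructed for the example; the risk score (severity weighted by the asset's business value) is one simple way to implement the paper's "assign values to assets, then prioritize" guidance.

```python
"""Added example (not from the paper): a small vulnerability assessment run
over a constructed asset inventory, following the steps of section 3 and the
Discover/Prioritize/Assess/Report/Remediate/Verify cycle of section 7.
All asset records, credentials, patch levels and firewall rules below are
constructed sample data, not real devices."""

from dataclasses import dataclass, field, replace
from datetime import date, timedelta

# Constructed factory-credential list, in the spirit of the paper's D-Link "admin"/"admin" example.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", ""), ("root", "root")}

# Constructed "recommended patch level" per product (stands in for a vendor advisory feed).
RECOMMENDED_PATCH = {"webserver": (2, 4, 10), "router-os": (15, 2, 0)}


@dataclass
class Asset:
    name: str
    value: int                 # business significance, 1 (low) .. 5 (critical)
    product: str
    version: tuple             # (major, minor, patch)
    credentials: tuple         # (username, password) currently configured
    firewall_rules: list = field(default_factory=list)  # (src, dst_port, action)


@dataclass
class Finding:
    asset: str
    issue: str
    severity: int              # 1 .. 5
    risk: int                  # severity * asset value, used for prioritization


def is_any_any_allow(rule):
    """A rule allowing any source to any destination port is the misconfiguration the paper warns about."""
    src, port, action = rule
    return action == "allow" and src == "any" and port == "any"


def identify_vulnerabilities(asset):
    """Step 3 / Discover: find the vulnerabilities present on one asset."""
    findings = []
    if asset.credentials in DEFAULT_CREDENTIALS:
        findings.append(Finding(asset.name, "default credentials", 5, 5 * asset.value))
    if asset.version < RECOMMENDED_PATCH.get(asset.product, (0, 0, 0)):
        findings.append(Finding(asset.name, "missing patches", 4, 4 * asset.value))
    if any(is_any_any_allow(r) for r in asset.firewall_rules):
        findings.append(Finding(asset.name, "permissive firewall rule (any/any allow)", 4, 4 * asset.value))
    return findings


def assess(assets):
    """Prioritize + Assess: scan every asset and order findings by risk (stable sort keeps ties in discovery order)."""
    findings = []
    for asset in assets:
        findings.extend(identify_vulnerabilities(asset))
    findings.sort(key=lambda f: f.risk, reverse=True)
    return findings


def report(findings):
    """Report: the prioritized, list-oriented output a vulnerability assessment produces."""
    return [f"{f.asset}: {f.issue} (risk {f.risk})" for f in findings]


def remediate(asset):
    """Step 4 / Remediate: return a corrected copy of the asset; the inventory itself is left untouched."""
    fixed = replace(asset)
    if fixed.credentials in DEFAULT_CREDENTIALS:
        fixed.credentials = (fixed.credentials[0], "<rotated-unique-secret>")  # placeholder, not a real password
    target = RECOMMENDED_PATCH.get(fixed.product)
    if target and fixed.version < target:
        fixed.version = target
    fixed.firewall_rules = [r for r in asset.firewall_rules if not is_any_any_allow(r)]
    return fixed


def verify(assets):
    """Verify: re-run the assessment; an empty result means every finding is gone."""
    return assess(assets)


def next_assessment_due(last_run, interval_days=90):
    """Step 5: repeat the cycle on a fixed, roughly quarterly, schedule."""
    return last_run + timedelta(days=interval_days)


# Constructed inventory (steps 1-2: classify assets and assign values).
SAMPLE_ASSETS = [
    Asset("edge-router", 5, "router-os", (15, 1, 3), ("admin", "admin"),
          [("any", "any", "allow"), ("10.0.0.0/8", "22", "allow")]),
    Asset("intranet-web", 3, "webserver", (2, 4, 10), ("webadmin", "Xq7!example-not-default")),
    Asset("lab-printer", 1, "printer-fw", (1, 0, 0), ("admin", "")),
]
LAST_RUN = date(2017, 8, 1)  # constructed date of the previous assessment

if __name__ == "__main__":
    findings = assess(SAMPLE_ASSETS)
    print("\n".join(report(findings)))
    print("findings after remediation:", len(verify([remediate(a) for a in SAMPLE_ASSETS])))
    print("next assessment due:", next_assessment_due(LAST_RUN))
```

Run as a script, the block lists the edge router's three findings first (risk 25, 20, 20), then the printer's default credentials (risk 5), reports zero findings after remediation, and dates the next run 90 days after the last one. Weighting severity by asset value is what makes the same default-credential issue rank higher on the router than on the printer, which is the point of the "assign values" step.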

Penetration tests are important for a number of reasons, such as:

o Determining the possibility of particular attacks taking place.
o Discovering high-risk vulnerabilities resulting from low-risk vulnerabilities.
o Identifying vulnerabilities that may be difficult or impossible to detect with general scanning software.
o Identifying the magnitude of a successful attack on a vulnerable network.
o Testing the capabilities of network defenders to detect and respond to network attacks.
o Providing evidence to increase allocations in security budgets.

Before launching a new system it is highly recommended that it be tested first to check for any vulnerability in the system. By this practice lots of vulnerabilities are identified before the system launch, avoiding serious exploits. The Payment Card Industry (PCI) Data Security Standard (DSS) defines penetration testing standards; at a minimum these standards must be met for a satisfactory pen-testing approach.

Let us consider the comparison from another aspect, in tabular form.

Table: Vulnerability Assessment vs Penetration Testing

Attribute       | Vulnerability Assessment                                                          | Penetration Testing
Attributes      | List-oriented                                                                     | Goal-oriented
Type of reports | Prioritized list of vulnerabilities, categorized by criticality, for remediation  | Specific information on what data was compromised and which vulnerabilities were exploited
Purpose         | Identify security vulnerabilities in a system that may be exploited               | Determine whether an application can withstand an intrusion attempt

10. WHY PENETRATION TESTING?

Once I wrote a blog on the topic of penetration testing; almost all the readers asked me this question: "Why is penetration testing so important?" The answer can be given in a number of ways; however, the precise answer that I love is "the process of finding vulnerabilities in networks and fixing them before an attacker attacks". Penetration testing is very important, and it ensures that the organization's network is safe and up to date in meeting security standards. Skipping penetration tests of systems means never attempting to leverage the vulnerabilities discovered, hence there is no way of knowing the risks that those vulnerabilities present to the network system. We may divide the reasons for performing penetration testing into different perspectives, i.e. the business perspective and the operational perspective.

a) Business Perspective of Penetration Testing

Penetration testing secures the IT infrastructure against failure by preventing financial losses. Organizations spend millions of dollars as a result of information security breaches on notification costs and remedial measures after system compromises, which further lead to decreased productivity and lost revenue. So penetration testing is used to identify and name the possible risks to the organization, and in this way the organization secures its assets and confidential data from unauthorized access. Recognized industry standards are mandated as regulatory requirements for computing security systems; in case of noncompliance, heavy fines or other penalties may be imposed on those organizations during IT security audit processes.

If an organization compromises on security, it will bring serious trouble: sometimes it may lead to loss of customers' confidence, challenges in marketing strategies, dishonor among other stakeholders and even failure of the entire business. The CSI study has estimated that the recovery may cost up to approximately $167,700.00 per incident, which is a very large amount. Penetration testing assesses the value of existing security products and provides a supporting opinion for future investment in information technology security mechanisms. PT can provide evidence of issues and a solid proposal for investment in IT security.

b) Operational Perspective of Penetration Testing

Penetration testing guides us in determining security procedures through appropriate vulnerability identification and assessment procedures. This helps us with the elimination of threats and risks, with corrective and preventive measures, and in quickly revealing potential vulnerabilities. Through penetration testing we can fine-tune or patch to proactively eradicate the risks that have been identified during the process of vulnerability assessment.

11. WHO SHOULD PERFORM THE PENETRATION TEST?

PCI DSS does not require that a QSA or ASV execute the penetration test. PCI DSS requires this test to be performed by either an expert internal resource or an expert third party. If internal resources are to perform this test, then these professionals must be well equipped and well qualified. Usually these professionals are separate from the system for which penetration testing is being performed. For example, a network administrator should

not be engaged to perform a penetration test of his own domain. The same applies to other network domains like firewall, domain services or web services. Besides this, at least the following capabilities make a comparatively good penetration testing professional.

o Complete knowledge of operating systems.
o Professional in networking technologies including OSI, TCP/IP, DHCP, DNS, routing, switching, snooping, ARP/RARP, STP/RSTP, all network security threats and attacks, and all other areas which cannot be discussed here.
o Vast knowledge of scripting, BAT or VB scripting.
o Must know about system programming, network programming and low-level programming like assembly language.
o Deep knowledge of core or network firewalls and proxy servers, and of access control using these resources. After mastering these basics, one can move on to PIX or ASA firewalls.
o Deep understanding of IPS and IDS: how to use these devices to secure our networks and what the dimensions of these devices are.
o Knowledge of the computer forensics domain.
o Must be a database expert, at home in handling complex problems in database management systems and system analysis.

12. PENETRATION TESTING TYPES

Mainly there are two types of pen-testing, physical penetration testing and virtual penetration testing. Physical includes tangible assets like data centers, servers, routers, switches, CCTV systems, security barriers and security guards. In this type, penetration testers assess the security loopholes that may exist in physically accessing IT equipment. Illegal or unauthorized people should have no access to assets like data centers, equipment and infrastructure, so a proper policy and standards are required to be defined regarding physical assets.

Natural disaster proofing also falls under physical penetration testing. It is necessary to ensure that the building where the core network infrastructure exists is protected against flood, earthquake, heavy rain, storm, fire, and even the cooling of data center equipment, humidity, etc.

In virtual penetration testing we test intangible assets, which may be operating systems, software, web servers, IOS, firewalls, databases and other virtual assets in a business organization. Most network attacks are caused by vulnerabilities in virtual infrastructures. These attacks are often software-level attacks, which include DoS/DDoS, spoofing, DHCP snooping, ARP poisoning, database injection, phishing, overflows, exploits, password and hijack attacks, etc. Securing virtual assets is more challenging for vulnerability assessment and penetration testing than securing physical assets, so virtual assets are the harder case. More than 80% of the effort is expended in protecting these virtual assets as compared to protecting physical assets.

Besides the penetration testing types mentioned above, we may classify penetration testing in another way: physical PT, network PT and social engineering PT. Network penetration testing is related to the flaws or weak points of networks; this testing helps to identify the flaws of a network. A series of tests is applied to network devices like modems, switches, routers, remote access devices, IPS/IDS, firewalls and other devices in the network to scan the network.

On the other hand, application penetration testing is used to identify an application's security controls by highlighting the risks posed by potential vulnerabilities in applications. Firewalls and other traffic monitoring systems are used by organizations to protect information, whereas security threats still exist due to a number of hidden vulnerabilities which need to be explored so that the system can be protected.

Social engineering plays a vital role in identifying security threats to organizations. Social engineering involves human interaction to compromise information about the computer systems of an organization. So the social engineering penetration testing process determines the level of security awareness among the workers who directly and indirectly own the IT systems of the organization. A social engineering penetration test also checks to what extent an organization's workers can expose the organization's secrets, which is dangerous for the current system.

13. PEN-TESTING METHODOLOGIES

There are three known strategies of penetration testing that professional testers adopt. These methodologies are black box, white box and gray box penetration testing.

a. Black Box Testing

A testing technique in which the tester does not know the internal design or structure of the target. They have to check for incorrect or missing functions or interface errors. This strategy is similar to a blind test and resembles the procedure adopted by a real attacker who has no idea or information regarding the organization's network.

b. White Box Testing

In the white box penetration testing approach, testers have complete knowledge about the target. The tester has full knowledge of the internal working of the system. Generally the tester and the developer work together to perform this kind of test, where all information is provided to the team prior to running the test. This information

may include paths, credentials, procedures, addresses, protocols, etc. that are being used in the organization's network.

c. Gray Box Testing

Gray box testing falls between black and white box testing: some knowledge of the internal working of the target is known to the tester. Usually testers are not provided with all the information about the target; they need to gather the further information they require by themselves before conducting the test.

While these penetration testing strategies are being discussed, it is necessary not to ignore two other important penetration testing strategies, internal and external penetration testing. External penetration testing techniques involve tests on the target using procedures performed from outside the organization. External penetration testing is done to determine the possibility that an external hacker can get in, and how far he would be able to gain access to the organization's internal structure.

Internal penetration testing is performed from inside the organization's network that owns the test target. This strategy is used to find out to what extent a disgruntled employee can cause damage to the organization. Internal penetration testing checks the potential for harm if the organization's network is successfully penetrated by an authorized inside user with assigned privileges.

14. AREAS OF PENETRATION TESTING

Penetration testing is done in almost all areas of information technology, as the whole of IT revolves around the data and information of the business, and data at every stage in every area is not perfectly safe. The major penetration test areas are discussed below:

o Physical Penetration Testing
o Software Penetration Testing
o Database Penetration Testing
o Network Penetration Testing
o Web Penetration Testing
o Wireless Network Penetration Testing
o Social Engineering Penetration Testing
o Cloud Penetration Testing
o Operating Systems Penetration Testing
o Mobile Devices Penetration Testing

This research is scoped to network penetration testing. Network penetration testing is considered a very important task and is very common across all areas of information technology.

15. PHASES OF PENETRATION TESTING

There is no hard and fast rule for the phases of conducting a penetration test; however, the common phases that every tester must go through are 1. Reconnaissance, 2. Execution, 3. Discovery. These three steps are the baseline of each penetration test; however, these phases are further divided into sub-phases for the convenience of penetration testers. I recommend seven phases of a professional penetration test on a target network.

Fig: Phases of Penetration Testing [12]

Planning: In the planning phase the scope of the test is determined: in which system the test is to be done, how it should be done and who will perform the test, what the time frame will be, and what the benefit to the organization should be. All these things are settled in the planning phase of pen-testing.

Reconnaissance: After the scope of the test is settled, this is the second phase, in which information about the target network is gathered. As much information as possible is gathered in this phase. This is a complete phase which may consist of identifying the target network status, operating systems, IP address range, open ports, domain name, DNS, DHCP, Wi-Fi key, mail server records, etc. Host fingerprinting, port scanning, network mapping and network enumeration are usually considered part of the reconnaissance phase.

Exploration: This is the third phase, which deals with exploring the entire network based on the necessary information gathered in the reconnaissance phase, more precisely the network services, such as the open ports checked in the last step. Using the open ports, the tester enters the network and explores it more deeply. Testers scan the network to discover network devices, firewall rules, user accounts, access control, etc.
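The reconnaissance and exploration phases above produce the host, open-port and service-version data that the tester records and that a defender compares against the intended network inventory. The following is an added example (not code from the paper or its authors) that parses the XML report Nmap, the scanner discussed in the tools section of this paper, writes with its -oX option after an -sV version-detection scan, and flags every open port that an approved-service baseline does not account for. The XML document, the 192.0.2.x addresses and the baseline are constructed sample data; only the element and attribute names follow Nmap's real XML output format.

```python
"""Added example (not from the paper): parse an Nmap -oX report and compare
each host's open ports and detected service versions against an
approved-service baseline. The XML below is constructed sample data in
Nmap's real output format; the addresses and baseline are assumptions."""

import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/28">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.10"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="5.5"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed baseline: the services the organization intends to expose.
# A host absent from the baseline is expected to expose nothing at all.
BASELINE = {"192.0.2.10": {22: "ssh", 80: "http"}}


def parse_nmap_xml(xml_text):
    """Return {ip: [port records]} listing only the ports Nmap reported as open."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        records = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            svc_attr = svc.attrib if svc is not None else {}
            records.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc_attr.get("name", ""),
                "product": svc_attr.get("product", ""),
                "version": svc_attr.get("version", ""),
            })
        hosts[addr.get("addr")] = records
    return hosts


def unexpected_services(hosts, baseline):
    """Flag every open port that the baseline does not approve for that host."""
    flagged = []
    for ip, records in hosts.items():
        allowed = baseline.get(ip, {})
        for rec in records:
            if rec["port"] not in allowed:
                flagged.append((ip, rec["port"], rec["service"]))
    return flagged


def service_inventory(hosts):
    """Inventory view built from -sV version detection: which product/version runs where."""
    inventory = {}
    for ip, records in hosts.items():
        for rec in records:
            if rec["product"]:
                key = f'{rec["product"]} {rec["version"]}'.strip()
                inventory.setdefault(key, []).append(f'{ip}:{rec["port"]}')
    return inventory


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_NMAP_XML)
    for ip, port, service in unexpected_services(hosts, BASELINE):
        print(f"unexpected: {ip}:{port} ({service})")
    for key, where in service_inventory(hosts).items():
        print(f"{key}: {', '.join(where)}")
```

On the sample data the script flags the telnet service on 192.0.2.10 and the MySQL service on 192.0.2.11, since neither is in the baseline, and skips the closed 443 port. The inventory view is what turns a scan into the network inventory and patch-tracking input the paper mentions: it groups product and version strings so that a reported version can be matched against a recommended patch level.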

Exploration includes host exploration, service identification and platform identification, etc.

Vulnerability Assessment: A vulnerability is a path through which threats are realized; vulnerabilities are weaknesses in the system. Vulnerability assessment is the process of computing, ranking and pinpointing the vulnerabilities in the system. Penetration testers may use automated tools for known vulnerabilities. These tools are helpful because they maintain updated databases of the latest vulnerabilities and their details.

Exploitation: This is the most difficult phase in penetration testing; it deals with attacks on the target network. The penetration tester tries exploits for the different vulnerabilities discovered in the previous phase. Privilege escalation is considered a sub-part of the exploitation phase, in which the attacker usually takes advantage of programming bugs or design loopholes to crawl up to privileged access that is normally protected from general users and applications. A system with more privileged accounts can be exploited to a greater extent.

Reporting and Recommendation: This is the last phase, in which documentation is done by the testing team. It is the final document on which all the phases are based. The main object of a penetration test is to point out all the flaws and weaknesses in a network or system that were covered in the previous phases. The final report should cover the activities of all phases, including a cover sheet, an executive summary of the vulnerabilities found in the network, the threats posed by these vulnerabilities, the list of tools used and, most important, the final recommendation after overall examination of the test report. Under the final recommendation covered in the report, the values of threats and the mitigation of threats are discussed. The final recommendation phase must be done with upper-level management, in which preventive proposals are provided against the vulnerabilities found.

16. PENETRATION TESTING STANDARDS

Following is the list of professional standards and certifications regarding penetration testing. These organizations are well known and are accredited throughout the information security world.

o EC-Council LPT (Licensed Penetration Tester)
o OSSTMM (Open Source Security Testing Methodology Manual)
o PTF (Penetration Testing Framework)
o OWASP (Open Web Application Security Project)
o ISSAF (Information Systems Security Assessment Framework)
o WASC-TC (Web Application Security Consortium Threat Classification)
o OISSG (Information Systems Security Assessment Framework)
o PCI DSS v3.1 (Payment Card Industry Data Security Standard)
o ISO/IEC 27001:2005 (Information Security Management Systems)
o ISO/IEC 27005:2008 (Information Security Risk Management)

17. PENETRATION TESTING TOOLS

A large number of tools are used for penetration testing, but we discuss only a few of them in detail. Different tools are popular for performing different kinds of tasks in different domains; each tool is designed for a specific purpose and used in a specific domain. No single tool is capable of doing all the tasks in penetration testing. All these tools are used together, and together they contribute to a successful penetration testing report. Different flavors of Linux have been designed specifically for network / information security assessment; in particular, BackTrack 5.0 and Kali Linux have been designed and developed for this purpose. These are bootable operating systems that include a large collection of tools. Some tools are given below.

o Nmap: Nmap (Network Mapper) is known as the world's best security scanner. It is used to determine the hosts and services on a computer network. It is a free tool available in both BackTrack and Kali Linux. It is used for network discovery, port scanning, host discovery, version detection, OS detection, etc. Typically Nmap is used for auditing the security of devices or firewalls, network inventory, discovering open ports on a target host, auditing the security of the network, and finding and exploiting vulnerabilities in the network. Nmap uses raw IP packets to find out what hosts are available, what kind of services are being offered by those hosts, what operating systems and versions are running on the hosts, what kind of firewalls are installed, as well as a number of other parameters. It works on all major operating systems, as both a GUI and a command-line utility. Nmap has a number of companion tools, such as Zenmap, Ncat, Ndiff and Nping, each for a different task.

o Nessus: Nessus is a top-rated network vulnerability scanner developed by Tenable Network Security. Initially it was free and open source software designed to run only on Linux; however, from 2008 onward it became a paid product and can run on Mac OS, Windows and FreeBSD platforms. It is a very powerful vulnerability scanner, and according to a survey in 2005 this tool was used by almost 75,000 organizations. It is a web-based tool used to scan for denial of service against TCP/IP, default passwords, vulnerabilities that allow a remote attacker to take control, misconfigurations, and preparation for PCI DSS audits.


o Metasploit Framework: The Metasploit Framework is an open source tool that provides information about security flaws and vulnerabilities and helps in penetration testing. It can also be employed to test vulnerabilities in network systems. It is available free of cost and runs on almost all versions of UNIX and Windows. The Metasploit Framework provides attack payloads and attack libraries that can be combined in a modular approach. The main purpose of the Metasploit Framework is to get access to a command prompt on a computer in the targeted network. Once a command prompt is obtained, it is very easy even for an ordinary attacker to take full control of that target. Once the system is accessed, from the attacker's point of view, code can be executed to gain easier access to the target next time.

o Wireshark: Wireshark, originally named Ethereal, is another excellent and unique tool in terms of its specific use and nature. It is a multi-platform, open source network protocol analyzer used for troubleshooting and analysis of a network. Wireshark is used for viewing TCP streams in the network and supports a vast variety of protocols and media types.

o Aircrack: Aircrack is a tool for assessing Wi-Fi network security. It can crack 802.11 a/n/g wireless networks. It uses the best wireless cracking algorithms to recover Wi-Fi keys by examining captured encrypted packets. Aircrack is a suite of tools, including Airodump, Aireplay, Aircrack-ng and Airdecap, for different assignments.

o Cain & Abel: Cain & Abel is a password recovery tool for Windows; it is a well-known Windows-only password recovery tool. It recovers passwords using techniques such as network sniffing, cracking encrypted passwords by dictionary and brute-force attacks, sniffing VoIP communications, decoding scrambled passwords and uncovering cached passwords, along with analysis of the routing protocols used in the network, in a well documented manner. It has some additional features such as WEP cracking and calculating hashes.

It is pertinent to at least name other very important network penetration testing tools, such as Snort, Netcat, TCPDump, John the Ripper, Kismet, OpenSSH/PuTTY, Burp Suite, Nikto, Hping, Ettercap, Sysinternals, W3af, OpenVAS, Scapy, THC Hydra, Paros Proxy, NetStumbler, WinDump, Network Security Toolkit, OWASP Mantra, etc. Each of these tools has a specific usage in a specific scenario and is widely used in penetration testing and hacking procedures.

18. ETHICAL AND LEGAL ISSUES

Penetration testing, also known as ethical hacking, is the process of exploring the weaknesses in a network in order to find all the possibilities and loopholes through which attackers could penetrate the network system and exploit it. In effect, penetration testing closely resembles the process of hacking into networks; the only difference is that hacking is a crime that is done illegally, whereas penetration testing is conducted in a legal way, because it is done by hackers with the permission of the owner of the system. Different countries have settled codes of law for hackers. The owner of the network employs pen-testers to dig out all the possible holes in order to mitigate hacking attacks. It is very pertinent for both parties to sign a mutual agreement before undertaking a penetration test. The agreement may have the following clauses.

o Written Permission: Before conducting a pen test, both parties sign written documents. Testers should document all of the processes of the penetration test. This will protect the testers from any legal issue in the future.

o Damage Control: While performing pen testing, there is a chance of damage to the network, so the testers must notify the customer about the potential harm or incidental damage that may occur during the test. Testers do not take liability in case of incidental harm to records or deletion of data, etc.

o Scope of Work: Pen-testers must define the scope of work, specifying external and/or internal vulnerability assessment. The scope also consists of which networks, which systems and which devices the test will be performed on, how much time is required, etc.

o Professional Approach: Professional techniques and approaches are used by the pen-tester to find the possible vulnerabilities in the network. The kind of service needed by the owner, such as just port scanning or exploitation, is also defined beforehand. It is not good to make promises of digging hills.

o Premises and Jurisdiction: In this section it is clearly defined where the venue for performing the pen-test is. Different countries may have different cyber laws, so a test that raises no legal issue in America may raise one in Germany.

o Privacy Issue: As pen-testers penetrate into the system or network, they access confidential data and databases, so they should not compromise on the privacy of that organization.

Besides all the above-cited clauses, which are in favor of penetration testers, pen-testers are also expected to be ethical during and after a successful pen-test. Usually, computer users are not technical and rely on technical professionals, so penetration testers are also required to act as a doctor, not a thief. Because of this, information and network security is monitored and governed by authorized organizations that provide licenses and certifications guaranteeing the technical competency, along with the ethical considerations, of licensees.
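The written permission, scope of work and jurisdiction clauses above can be enforced mechanically before any scan is launched. The following Python, added here and not part of the paper, gates a planned target list against an agreed scope; it goes slightly beyond the clauses by also honouring client-withdrawn exclusions and a time window. The Scope fields, the SAMPLE_SCOPE values and the permission reference are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Scope:
    """Terms taken from the signed agreement: who authorised what, where and when."""
    client: str
    permission_ref: str     # identifier of the written permission (placeholder value below)
    networks: list          # CIDR ranges agreed in the Scope of Work
    hosts: list             # named systems agreed in the Scope of Work
    excluded: list          # CIDR ranges the client withdrew under Damage Control
    window_start: datetime  # agreed test window (Premises and Jurisdiction), UTC
    window_end: datetime

def _in_ranges(target: str, ranges: list) -> bool:
    """True if target is an IP literal inside any of the CIDR ranges."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False        # a hostname, not an IP: matched against the hosts list instead
    return any(addr in ipaddress.ip_network(r, strict=False) for r in ranges)

def in_scope(scope: Scope, target: str) -> bool:
    """Agreed host or agreed network, and never inside an exclusion (exclusions win)."""
    if _in_ranges(target, scope.excluded):
        return False
    named = {h.lower() for h in scope.hosts}
    return target.lower() in named or _in_ranges(target, scope.networks)

def authorised(scope: Scope, target: str, when: datetime) -> bool:
    """Permission on file, target in scope and the clock inside the agreed window."""
    if not scope.permission_ref or not (scope.window_start <= when <= scope.window_end):
        return False
    return in_scope(scope, target)

def partition_targets(scope: Scope, targets: list, when: datetime) -> dict:
    """Split a planned target list into what may be scanned now and what must be dropped."""
    allowed = [t for t in targets if authorised(scope, t, when)]
    return {"allowed": allowed, "blocked": [t for t in targets if t not in allowed]}

# Constructed sample agreement and target list (not taken from the paper).
SAMPLE_SCOPE = Scope(
    client="Example Corp", permission_ref="SOW-PLACEHOLDER",
    networks=["10.10.0.0/16", "192.0.2.0/24"], hosts=["intranet.example.test"],
    excluded=["10.10.5.0/24"],  # the client withdrew its database VLAN
    window_start=datetime(2017, 8, 7, tzinfo=timezone.utc),
    window_end=datetime(2017, 8, 11, 23, 59, tzinfo=timezone.utc),
)
SAMPLE_TARGETS = ["10.10.1.5", "10.10.5.20", "192.0.2.77", "198.51.100.9", "intranet.example.test"]
```

Running `partition_targets(SAMPLE_SCOPE, SAMPLE_TARGETS, SAMPLE_SCOPE.window_start)` keeps the two in-scope addresses and the named host, and drops the excluded VLAN address and the address outside every agreed range.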


19. CONCLUSION

In this article we mainly emphasized vulnerability assessment and penetration testing, which provide a secure and ethical way to evaluate and determine the weaknesses and flaws in systems and networks. Missing patches, weak or default passwords, unnecessary open ports, misconfigured firewalls and other networking devices, and mobile and USB devices are common vulnerabilities, so penetration testing first points out these vulnerabilities and then provides solutions to cover them. Penetration testing can be performed externally and internally in three types, Black Box, White Box and Gray Box, through a number of defined phases: Planning, Reconnaissance, Exploration, Vulnerability Assessment, Exploitation, and Reporting and Recommendation. There are several tools to conduct a penetration test, such as Nessus, Nmap, Metasploit and Cain & Abel. Each tool has expertise in a specific area; for example, Nmap is best at port scanning and Metasploit is best at exploitation. Penetration testing is similar in nature to the hacking process, but penetration testing is legal while hacking is illegal. Penetration testing is carried out on the demand of the owner, whereas hacking is getting into networks illegally and is a crime. Hence penetration testers are expected to be ethical while conducting tests.

Authors

Irfan Yaqoob
Research Officer at Punjab Information Technology Board.
Field of Study: Software Quality Assurance, Software Engineering.
BS Computer Science

Saqib Mamoon
Research Scholar, Entrepreneur.
Field of Study: Artificial Intelligence, Machine Learning and Deep Learning.
BS Computer Science
