The Penetration Test Process Possible Causes of Vulnerabilities - 1375 Words

The Penetration Test Process: Possible Causes of Vulnerabilities (Coursework Sample) Content: Penetration Testing PlanName of studentInstitutional AffiliationPenetration Testing Plan 1 EXECUTIVE SUMMARYPenetration testing, also known as Pen Testing, is the process by which an organization checks it vulnerabilities in their system, network or web application to ensure that all the loop holes that attackers can exploit are sealed. It is basically a means to measure the security of the IT infrastructure of an organization.The organization test the vulnerability of their system and exploit the flaws in various sectors of the system such as the Operating System, end-user behavior, and wrong configurations. This tests ensure that the security of the system is adhered to using defensive mechanisms and also the user is updated on the security strategies used. The details of the security issues found during these tests are collected and combined. They are then given to the Network Systems manager for review and solution generation. (Petukhov Kozlov 2008)Diagram 1: The Penetration Test Process (Petukhov Kozlov 2008)Possible Causes of Vulnerabilities * Human errors * Wrong configuration of the system * Problems that may arise in the design stage of the system.Advantages of Penetration Testing * Maintain positive rating of the company * Pen testing can be done during a system upgrade to ensure no vulnerabilities are available * Gives the possibility to assess the network efficiency of the company * Network down time costs is significantly reduced * Gives the opportunity to take care of flaws intelligently(Bacudio et al. 2011)Penetration Testing is done using tools that can discern the flaws in the system automatically. However, these tools might sometimes discern flaws that are not available originally. The major qualities of a proper penetration tester include the following: * Must be able to plan and implement suitable procedures * Maintain a reasonable cost benefit when it comes to selection of tools * Must be up to date with the current securi ty issues * Be able to come up with a comprehensive report of security issues and mitigation measures 2 OVERVIEWInfoTech technologies did a security assessment or penetration testing of WAKE.LTD with the aim of reviewing the security features of their internet infrastructure so as to identify any vulnerabilities of their system and fix them. It thereby considered to change the e-mail and alliance services to be delivered through Cloud Computing services and software. 3 SCOPEThis penetration test was aimed at analyzing the internet infrastructure of WAKE LTD and coming up with a relevant solution to overcome any flaws that were found. The e-mail services currently delivered were found to be vulnerable and at risk of security breach and it was therefore considered to shift this to a more secure Cloud computing service.Objectives of the TestThe objectives of this penetration test will be highlighted based on the category under consideration. That is business, technical and management a spects.Business ObjectivesWhen it was found necessary to eradicate the old system of e-mail services for a much newer cloud service, it became a good move for the client in terms of meeting certain business objectives. The first step in the process was to come up with a plan to on the replacement of the current system with the new one and provide a perfect transition from the old services to the new one without compromising the service provision. (Antunes Vieira 2011)These objectives include the following as outlined below: * To provide a better storage capacity, if possible unlimited storage, in order to retain more e-mail by users. * Improve the system regularly through frequent updates giving users more current service offers. * To provide a faster and more durable search ability. * Expand the companys capabilities when it comes to online activity and social media access.The transition process from the old system to the new one is also vital through careful planning so as not to interfere with the business activities: * Come up with an exit plan that will be done through thorough planning to ensure a smooth transition from the old system to the new one. * A data transfer process that will ensure no data loss from the previously existing data.Technical ObjectivesThe technical objectives of the company from this plan involves a reliable system and at the same time follow the required regulation with a high level of professionalism. The service to be provided also has to be able to be customized in the future if need arises. The objectives based on this guidelines are as outlined: * A service that is sustainable that will ensure the users still have access even when one of the provider location fails. * The ability of the system to have backup and recovery options. * Provide a system that is dependableManagement ObjectivesThe aim of this section is to look at the objectives that management and customer support. * Provide a system that can provide reports for management purposes. * Able to develop invoices for services related to management. 4 ASSUMPTIONSThe solution to this test was developed amid certain constraints that were encountered during the process. The contractor addressed these constraints and assumptions as well as they could depending on the limitations encountered. These constraints were seen to revolve around laws, rules, technological standards and limitations encountered during the entire process (McLaughlin 2011). These constraints include the following: 1 AccessibilityThe company shall give access to the contractor who performs the penetration test depending on the companys access laws and regulations. The company shall at its own discretion limit the access based on the n...