Aiming at Higher Network Security through Extensive Penetration Tests

Anestis Bechtsoudis (abechtsoudis@ieee.org)¹, Nicolas Sklavos (nsklavos@ieee.org)²

¹ University of Patras
² Technological Educational Institute of Patras

This paper appears in: Revista IEEE América Latina

Publication Date: April 2012
Volume: 10, Issue: 3
ISSN: 1548-0992


Abstract:
Modern enterprise infrastructures adopt multilayer network architectures and heterogeneous server environments in order to efficiently fulfill each organization's goals and objectives. These complex network architectures have resulted in increased demands for information security measures. Each organization needs to deal effectively with these major security concerns by forming a security policy according to its requirements and objectives. An efficient security policy must be proactive in order to provide sufficient defense layers against a variety of known and unknown attack classes and cases. This proactive approach is usually wrongly interpreted as merely keeping software and hardware up to date. Regular updates are necessary but not sufficient, because they cannot locate and patch potential misconfigurations and design flaws, which leaves the whole network vulnerable to attackers. In this paper we present how a comprehensive security level can be reached through extensive Penetration Tests (Ethical Hacking). We present a Penetration Test methodology and framework capable of exposing possible exploitable vulnerabilities in every network layer. Additionally, we conducted an extensive analysis of a network penetration test case study against a network simulation lab setup, exposing common network misconfigurations and their security implications for the whole network and its users.

Index Terms:
penetration testing, network security, ethical hacking, proactive security policy

