Assessment of Vulnerabilities in an IT System

The most accurate way to assess vulnerabilities in an IT system is by penetration testing, which simulates an actual attack. It can be dangerous to both the targeted organization and the penetration team. Since the testers use the same tools as an actual attacker, systems and networks could really be brought down during the “attack.” One of the biggest advantages of penetration testing is that it tests not only the security of the infrastructure, but the readiness of the response team as well. Even though a more realistic test would be performed during normal working hours when productivity would be affected, even after-hours tests could cause problems. A successful attack could bring resources down and it may take time for them to come back up. All penetration testing should be signed off on by management prior to the test commencing.

There are several steps that need to take place while planning and executing a penetration test. The first is the planning and preparation stage. During this stage, penetration testers and management personnel should hold a meeting to determine the exact scope, goals, and method of the penetration test. Failure to do this will only result in a list of exploitable vulnerabilities without any type of prioritization or guidelines for the organization. Since these tests can cause networks to crash or connectivity to slow tremendously, it is very important that the penetration testers know what kinds of tests are and are not acceptable to management.

Legal documents should also be drafted during this time to protect the penetration testers. Since the testing involves acts that would normally be illegal and could compromise confidential information, these documents can outline how the information will be handled, returned and/or destroyed. A liability waiver should also be included to protect the testers from any ramifications of any system damage during the test. After the initial planning, the next step is information

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Penetration testing should be done to test the network for vulnerabilities. There are several types of penetration testing. “An automated port based scan is generally one of the first steps in a traditional penetration test because it helps obtain a basic overview of what may be available on the target network or host. Port based scanners check to determine whether a port on a remote host is able to receive a connection. Generally, this will involve the protocols which utilize IP (such as TCP, UDP, ICMP, etc.). However, ports on other network protocols could be present as well dependent on the environment (for example, it’s quite common in large mainframe environments for SNA to be in use). Typically, a port can have one of two possible states: open – the port is able to receive data and closed – the port is not able to receive data. A service based vulnerability scanner is one which utilizes specific protocols to communicate with open ports on a remote host, to determine…

    • 550 Words
    • 3 Pages
  • Satisfactory Essays

    To provide the quality that has customers returning for our service, we design the project by doing a penetration test at the end. This is because we assure all our jobs to be secured and free from exploitable vulnerabilities at the end. So, with the penetration test we will simulate a hacker and try everything to break into the network and steal information. If we are able to breach the network we will fix the vulnerability. This will continue until there is no more way for us to get in. The idea behind our strategy is that if we cannot get in, then a hacker will not be able to get in either. This signifies a high standard of quality.…

    • 408 Words
    • 2 Pages
  • Good Essays

    ISSC342 Assignment5

    • 338 Words
    • 1 Page

    During the first two phases of the five step process of a cyber-attack a hacker conducts reconnaissance of the target network and scans for any vulnerabilities that could be exploited. (EC-Council, 2009) These vulnerabilities are known as a system’s attack surface. One of the core job functions of network administrators is reducing this attack surface through a process called system hardening. There are a number of techniques that can be used to harden Microsoft clients and servers such as scanning the system with nmap to find any vulnerabilities that come from having open ports. After the initial scan the administrator should close open ports and uninstall unnecessary services. (Solomon, 2014) Administrators should also run follow up scans with nmap to make sure that there are no ports or services that they may have missed during their first run. Nmap is not the only program that can identify vulnerabilities within a server; the SCW utility should also be used when you are installing new server hardware to check for any unwanted services that may be set to run on the server as a default setting. (Solomon, 2014)…

  • Satisfactory Essays

    Nt2580 Project 1

    • 492 Words
    • 2 Pages

    For the systems/application domain, we must lessen chances for attacks on our servers. This shall be done by figuring out which ports and services are not being used and shutting them off. This gives hackers fewer ways onto our system. Also needed is to make sure all servers have the latest patches and updates. These updates provide the latest security patches with less likelihood of vulnerabilities.…

  • Good Essays

    Nt1310 Unit 6 Paper

    • 712 Words
    • 3 Pages

    When proceeding with a penetration test you must specifically authorize access to X party for conducting Y testing on your network. You should specifically lay out details of what the test will include and not include. When it will be done. What systems they will attempt to breach, what indicators will be done to prove the breach. This will protect both you and the pen testing company in case something happens during the test or in the future. If a report showing how exactly they breached your network was released to an outside party and they…

  • Satisfactory Essays

    Explain both the information systems security practitioner and hacker perspectives for performing a penetration test…

    • 283 Words
    • 2 Pages
  • Satisfactory Essays

    Identify risks that could lead to an information security breach. Identify vulnerabilities in system security, software operation, network design or employee procedures that could lead to a network failure.…

    • 339 Words
    • 2 Pages
  • Satisfactory Essays

    Running Case

    • 1080 Words
    • 5 Pages

    My recommendation for this project is have Bonnie and me as the test designer, in which we are responsible for the creation of the test scripts and any scenarios. I will recommend that Tony Prince will be the testing manager and test approver since he is the project manager. As the network specialist, I would utilize Patrick as the project tester. This is where he is responsible for carrying out the test scripts and telling the results. Also I would use him as the project test lead to oversee the testing of the project as well. Lastly, I would recommend that Nancy can be the reviewer who will be responsible for evaluating reports from the tester and making a decision on what actions will take place. By having everyone to do a certain test will…

  • Satisfactory Essays

    Lab 2 Answers Nessus

    • 628 Words
    • 3 Pages

    * Make recommendations for mitigating the identified risks, threats, and vulnerabilities as described on the CVE database listing…

  • Powerful Essays

    * Gain a better understanding of potential corporate network vulnerabilities that may be visible from the Internet.…

    • 1810 Words
    • 8 Pages
  • Satisfactory Essays

    Lab 9

    • 1001 Words
    • 3 Pages

    Unauthorized access to data centers, computer rooms and wiring closets, servers must be shut down occasionally for maintenance causing network downtime, data can be easily lost or corrupt and recovering critical business functions may take too long to be useful.…

  • Satisfactory Essays

    Testing and monitoring security controls can come in different factors. Monitoring security is by far important because you need to know what’s going on before you can announce it. Networking abuse is by far the biggest baseline anomaly. For employees who have access to the internet, the network can be used to stream media, to access social websites and to download unauthorized software or free software which has vulnerabilities along with that.…

    • 564 Words
    • 2 Pages
  • Good Essays

    3.4 summarise the types of risks that may be involved in assessment in own area of responsibility.…

    • 868 Words
    • 4 Pages
  • Good Essays

    Senior Level Experience

    • 1237 Words
    • 5 Pages

    Aligning with Agile practices, this team works closely with the Development shop and manual testers to understand technical requirements at the release level, identify possible risks when testing and finally, make recommendations on testing approaches. Then the team begins to develop common utility libraries that will be needed for testing as well as designing the drivers needed to execute the features being…

  • Good Essays

    IS4560

    • 486 Words
    • 2 Pages

    1. Why is it critical to perform a penetration test on a web application prior to production implementation?…
