CSI6204 Ethical Dilema and Dimensions in Penetration Testing Assignment Sample

• Subject Code : CSI6204
• Subject Name : ethical hacking and defense

Ethical Hacking and Defense

Contents

Introduction.

Proposed Analytical Process/Methodological Approach.

Agreement.

Scope. 

Test Type.

Phases.

Ethical considerations to undertake the pen testing.

Resources Required.

Timeframe.

Conclusion.

References.

Introduction to Ethical Hacking and Defence

It is almost impossible to pick up the newspaper or read something online from your favourite article online from various other sources in current time without looking on other articles about finding theft or credit card number can be stolen from unprotected databases. Crimes related to cyber and the threats related to computer attacks are increasing day by day and thus need for professionals of security that understands about the attackers and how these attackers attack on the network and how this is growing together with the threat. All the agencies of government and private organisations depends on the “ethical hackers” and also known as professional security testers and how they put the network on the test and find out the vulnerabilities prior to attackers do. Of one needs to become a security tester than one needs to have all the understandings of computers and all the basics of networks.

This paper will discus about pen testing engagement for analysis part and propped methodology. This paper will also discuss about the penetration testing and ethical hacking. These are the proactive ways of testing distinct applications of web by attacking and these attacks are same as real attacks that can occur on any day. These attacks are executed in a very controlled manner and they have objective to find the flaws of security as much as possible and to give feedback on how to eliminate the risks generated by these flaws (Oriyano, 2016).

Proposed Analytical Process/Methodological Approach

Agreement

Agreement is the part of the process; an agreement is needed to draw in between the organisation and customer. The agreement will help in providing the scope and nature of the penetration testing that will going to carry out, containing all earmarks that must be recognised. Organizations have to take all the required steps to maintain the operation status of all the confidential system.

There are some points that play the important role and included in the agreement:

• The testing windows of the organisation should have active testing time apart from the business hours also. All the time should be suitable for testing the window.
• The concerned person should be available 24*7 hours of the day so that the business can contact the person if anything goes wrong seriously.
• Obligation of client: it is the duty of client to provide all the necessary information pertinent to client’s computer and network system.
• Payment

Scope

Generally, pen testing is enforced in the organization with the help of software vendor and this vendor takes certain activities (vendor can mimic the activities that can do a hacker) to eliminate or to find out the vulnerabilities of a specific computer system and network. The client’s computer network and system is that much safe as the least link which is least protected, it is vital to test a range of hardware and software. Hence, before taking the testing into consideration, it is important for the organization’s other item also consider such as applications and systems that are required to be tested, what are the access points that required to be tested, are the touch points of the organizations along with the third party offerors required to be tested. Pen tester helps in detecting the information such as network architecture, systems and all other applications, and the profiling of company as well (Weidman, 2014).

The tester can uncover the range of vulnerabilities such as minor issues such as programming codes are not up to date, servers are misconfigured, and major issues like credentials are compromised and exposed the gateways of company inadvertently. These issues can leave the confidential information open for attack. 

The major aim of the tests is to control the issues and make the issues isolate in a good and controlled manner.

Test Type

Black box testing is recommended to use in the organization. Black box testing does not require any prior knowledge about the pen-testing. This is the reason; the black box testing is recommended. This type of testing regulates the vulnerabilities in the applications and systems of the organization that can attacked or hacked by the external network.

Black box testing is the more realistic testing but it also need more time and it has the great potential to overlook the vulnerability that exist in the internal part of the application system or network. A hacker who is real life does not have any limitation of time and the attacker can develop the attack plan in months and can wait for the right time (Infosec, 2019).

Phases

These are six penetration testing methods that are helpful in achieving amazing results. The critical phases of the penetration testing is given below:

1. Gathering information
2. reconnaissance phase
3. identification of vulnerabilities and threat modelling phase.
4. Exploitation phase
5. Post exploitation phase
6. Reporting phase
7. Re testing phase.

Ethical Considerations to Undertake the Pen Testing

It is necessary to carry out all testing going on according to the best practise with organization. Organization should preserve the confidence and trust of the clients. Necessary to sign a non-disclosure agreement by both the parties prior to pen testing and this should be undertaken. The agreement will contain a protection policy of data and a general privacy policy. It is also required to preserve the customer’s integrity, availability and confidentiality. The organisation should not reveal any data about the customer, containing business, operational knowledge, or technical knowledge to any irrelevant party. 

The policy to protect the data will be applied to all the accessed information or recovered information which is recovered while pen testing of the network or system. All the information of the client should be kept secretly and securely till the time to handover the final detail to customer. After giving the final report to the client, all the data stored in the system should be deleted from the computer or all other systems (Faily et. Al, 2019).

Resources Required

The pen testing should be carried out from a laptop or any other professional computer system. The laptop will act as the host machine which has windows 10 interface. Apart from software, the business will be needing the hardware, and word list. The word list will help in cracking the password. This depends on the business that which type of word list it wants to use.

Timeframe

The timeframe is an estimation only and it depends on the business to business. Different phases takes different number of days.

1. Gathering information: it will take around 4 days.
2. reconnaissance phase: will take around 6 days
3. identification of vulnerabilities and threat modelling phase: will take around 7 days
4. Exploitation phase: will take around 7 days
5. Post exploitation phase: will take around 2 days
6. Reporting phase: will take around 14 days

Conclusion on Ethical Hacking and Defence

This paper analysis the plan and outlines the methodology that will be taken by the business to carry out the penetration testing in organization’s system.

References for Ethical Hacking and Defence

7 penetration testing plan to achieve amazing results. (n.d.). Retrieved from https://cyberx.tech/penetration-testing-phases/. Accessed on 16^th of Aug 2020.

Faily, S., McAlaney, J., & Iacob, C. (2019). Ethical Dilemas and Dimensions in Penetration Testing. Retrieved from https://cybersecurity.bournemouth.ac.uk/wp-content/papercite-data/pdf/fami15.pdf. Accessed on 16^th of Aug 2020.

(2019). What are Black Box, Grey Box, and White Box Penetration Testing ? . Retrieved from https://resources.infosecinstitute.com/what-are-black-box-grey-box-and-white-box-penetration-testing/#gref. Accessed on 16^th of Aug 2020.

Oriyano, S.-P. (2016). Certified Ethical Hacker: Version 9 Study Guide, [Version 9]. Retrieved from https://onlinelibrary-wiley-com.ezproxy.ecu.edu.au/doi/book/10.1002/9781119419303. Accessed on 16^th of Aug 2020.

The Practical Testing Execution Standard. (2017). The Penetration Testing Execution Standard Documentation. Retrieved from https://buildmedia.readthedocs.org/media/pdf/pentest-standard/latest/pentest-standard.pdf. Accessed on 16^th of Aug 2020.

University of Iowa. (2018). Penetration Testing Agreement. Retrieved from https://itsecurity.uiowa.edu/sites/itsecurity.uiowa.edu/files/wysiwyg_uploads/penetrationtestingagreement.pdf. Accessed on 16^th of Aug 2020.

Velu, V. K., & Beggs, R. (2019). Mastering Kali Linux for Advanced Penetration Testing [3rd]. Retrieved from https://books.google.com.au/books?hl=en&lr=&id=kQGGDwAAQBAJ&oi=fnd&pg=PP1&dq=penetration+testing+methodology&ots=N-wLyV-azk&sig=ryaV7eKVg-lg9n6dc6bxR4HURK8&redir_esc=y#v=onepage&q=penetration%20testing%20methodology&f=false. Accessed on 16^th of Aug 2020.

Weidman, G. (2014). Penetration Testing,A hands on introduction to hacking, . Retrieved from https://ebookcentral.proquest.com/lib/ecu/reader.action?docID=1931614. Accessed on 16^th of Aug 2020.

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help