Annotated Bibliography on Penetration Testing

Arkin, B., Stender, S., & McGraw, G. (2005). Software penetration testing. IEEE Security and
Privacy, 3(1), 84-87.

This article looks into the use of penetration testing as a tool in the quality assurance and testing of application software.  In every business organization, part of quality assurance and testing involves checking the various software applications the organization uses to make sure that they continue to meet its needs.  Quality assurance and testing often involve a series of functional tests to ensure that the application software used by business organizations is properly implemented and in working condition.  The information in this article will be used to present the value of penetration testing in strengthening the security of corporate networks today.  At the same time, it will also be used to present a strategy for how penetration testing can be used to strengthen corporate network security in business organizations.

Bavisi, S. (2009). Penetration testing. In J. R. Vacca (Ed.), Computer and information
security handbook (pp. 369-82). Burlington, MA: Morgan Kaufmann Publishers.

This chapter provides an overview of penetration testing.  It defines penetration testing as the method of exploiting potential vulnerabilities within a business organization's network to determine which vulnerabilities are exploitable and the degree of information exposure or network control that the organization could expect an attacker to achieve after successfully exploiting a vulnerability (p. 369).  This is the working definition of penetration testing that will be used for this paper.  The chapter also differentiates penetration testing from computer hacking and describes various strategies and methods used to conduct penetration testing to strengthen the network security of business organizations; this information will also be used in the paper to be submitted.

Buzzard, K. (1999). Computer security: what should you spend your money on? Computers
& Security, 18(4), 322-34.

The information in this article will be used to show why penetration testing is important as a means of strengthening corporate computer network systems.  Business organizations now store, process and send large amounts of digital data through large and complex computer networks.  Although these networks may be complex and up-to-date, the same cannot be said of their security features.  Computer misuse has been on a constant rise, primarily because it can be carried out without being detected, allowing the interception and corruption of huge amounts of data as it is transmitted from one computer to another across the network.  This creates the need for measures such as penetration testing to ensure that the security of these complex corporate networks keeps sensitive and important data secure while it is transmitted and received.

Cohen, F. (1997). Managing network security, part 9: penetration testing. Network Security,
1997(8), 12-15.

This article describes corporate organizations today as containing vast networks used to conduct daily organizational activities and to support the decision making of management personnel.  While much advancement has been made in the technology of the equipment and networks used in such organizations, the same does not hold true for the security used in these networks to protect the information stored on them.  As such, there is a need to address the limitations of network security within corporate networks.  The information in this article will be used to support and provide evidence for the need to apply penetration testing to strengthen corporate network security in business organizations.

Dautlich, M. (2004). Penetration testing: the legal implications. Computer Law & Security
Report, 20(1), 41-43.

This article presents information that will be used to present the limitations of penetration testing as a means of strengthening corporate network security in business organizations.  It presents the legal implications that may arise from the use of penetration testing to address vulnerabilities in a business organization's network security program.  The article looks into three different statutes that the use of penetration testing may be found to violate.  One of these is the Computer Misuse Act of 1990, which considers the introduction of malware into any computer system to be illegal regardless of the permission given by the organization.  The information provided here will be used to analyze the different methods and strategies used in penetration testing and to present recommendations on how penetration testing may be done without violating this and the other statutes presented in the article.

Hurley, C., Rogers, R., Thornton, F., Connelly, D., & Baker, B. (2006). Wardriving and
wireless penetration testing. Rockland, MA: Syngress Publishing, Inc.

This book provides an overview of the different strategies and methods of conducting penetration testing on wireless computer networks.  More and more business organizations now use wireless technology in their computer networks.  Apart from providing a definition of penetration testing that can supplement the working definition taken from Bavisi (2009), the book presents the different methods and strategies for conducting penetration testing on computer networks depending on the operating system used, specifically Windows, Linux and OS X.

Karyda, M., Mitrou, E., & Quirchmayr, G. (2006). A framework for outsourcing IS/IT
security services. Information Management & Computer Security, 14(5), 402-15.

This article looks into the different technical, organizational and legal issues regarding the use of penetration testing, conducted by third-party IS/IT security organizations, to strengthen corporate computer networks.  Many small and medium-sized companies avail themselves of the services of third-party IS/IT security organizations to ensure the security of their computer networks.  As a result, significant issues regarding the security and privacy of the company's data have arisen, particularly when IS/IT security services are obtained from other countries and when penetration testing is used to determine the overall state of security and privacy of the computer networks used by such companies.  This article will provide information on the limitations of penetration testing as a viable means of strengthening corporate computer network security, and it will also be used to support the argument that penetration testing may be found in violation of certain statutes and laws presented by Dautlich (2004).

Lanz, J. (2003). Practical aspects of vulnerability assessment and penetration testing. The
RMA Journal, 85(5), 44-49.

There are a number of reasons why the computer networks of business organizations have become susceptible to individuals illegally accessing sensitive information and penetrating the network, resulting in the corruption of the data stored there.  These include the failure to manage the security of the organization's computer network, the improper configuration of the network, and excessive trust and privileges granted by members of management.  Furthermore, a report released by the FBI and the SANS Institute determined that part of the reason many computer networks are attacked is certain vulnerabilities in the operating system used across the network.  As a result, penetration testing is considered crucial in strengthening the security of corporate computer networks, since through it management is able to conduct independent tests that simulate various kinds of unauthorized access to the network and to address the weaknesses found in order to prevent such access.  However, the potential of penetration testing is limited by the ability of management to properly supervise testing done by third-party IT professionals, as well as by the lack of a standardized set of guidelines for determining the effectiveness, or lack thereof, of penetration testing done by external testers.

McFadzean, E., Ezingeard, J. N., & Birchall, D. (2007). Perception of risk and the strategic
impact of existing IT on information security strategy at board level. Online Information Review, 31(5), 622-60.

This article looks into senior management's perception of information security and how this affects the overall security of the computer network used within the organization.  While there is a need to undertake procedures such as penetration testing to ensure the security of computer networks, there remains a lack of understanding of this aspect on the part of senior management.  The information in this article will be used to further support arguments derived from Lanz (2003) regarding the limitations on the use, and therefore the effectiveness, of penetration testing in strengthening computer networks in business organizations.

Midian, P. (2002). Perspectives on penetration testing. Computer Fraud & Security, 2002(6),
15-17.

In this article, the author presents an overview of the vulnerabilities of the various software programs used in business organizations, presenting reasons why they occur at both the code level and the system level.  Some of the reasons identified for the presence of vulnerabilities in software include the ubiquitous buffer overrun and the inability of the program to handle error conditions.  From there, the article presents how such software vulnerabilities can be found and addressed through penetration testing.  The information in this article will therefore provide additional reasons for the importance of penetration testing as a means of strengthening computer network security in business organizations, and it will also be used to present methods for how penetration testing can strengthen corporate network security.

Moyer, P. R. (1997). Enhanced firewall infrastructure testing methodology.  Network
Security, 1997(4), 9-15.

The onset of globalization in the business sector has further increased the need to heighten corporate network security, particularly with regard to Internet access.  As a result, penetration testing of corporate networks has come to be considered crucial for many business organizations today.  Apart from providing supporting evidence for the importance of penetration testing of corporate computer networks, the article also presents a methodology that can be used to conduct penetration testing on the firewall infrastructure used in business organizations, so that upper management can evaluate the overall risk to their computer networks from malware and hacking that may occur through Internet access.

Pfleeger, C. P., Pfleeger, S. L., & Theofanos, M. F. (1989). A methodology for penetration
testing.  Computers & Security, 8(7), 613-20.

This article presents a systematic approach to the use of penetration testing as a means of strengthening corporate network security in business organizations, which will be used as part of the methods presented in the paper to be submitted.  The approach the authors present includes a thorough analysis of the existing software system that a business organization is currently using, the formulation of a series of hypotheses about possible flaws in the system and how they would be remedied, and subsequent testing to confirm or reject the proposed hypotheses.  Through this systematic approach, network and information technology engineers would be able to identify which parts of the software system must be secured, while ensuring that such actions would not be considered violations of the statutes and laws presented by Dautlich (2004).

Styles, M., & Tryfonas, T. (2009). Using penetration testing feedback to cultivate an
atmosphere of pro-active security amongst end-users. Information Management & Computer Security, 17(1), 44-52.

This article looks into the limitations of penetration testing as a means of strengthening corporate computer networks.  Although penetration testing may help strengthen corporate computer networks by finding and addressing weaknesses in the security of a particular network, this would prove pointless unless employees are made more aware and knowledgeable about computer network security.  This means that employees must be made aware of their responsibility to ensure that the security of the network is not breached, since a breach could compromise the security of the entire network.  The procedures presented in this article, based on the study conducted, will also be used in the paper to show how this limitation of penetration testing may be addressed and remedied.

Tryfonas, T., Sutherland, I., & Pompogiatzis, I. (2007). Employing penetration testing as an
audit methodology for the secure review of VoIP: tests and examples. Internet Research, 17(1), 61-87.

Voice over Internet Protocol (VoIP) has become one of the tools business organizations use to conduct business activities.  Apart from being incorporated into corporate computer networks, its dependence on the Internet can make VoIP a potential threat to the entire computer network, one that hackers can exploit and that could lead to the loss and corruption of sensitive and important data transmitted and stored by business organizations.  This makes VoIP one of the systems on which penetration testing can be used to strengthen corporate computer networks.  However, legal and ethical concerns may limit the use of penetration testing to test its security.  The model presented in this article provides an action plan whereby penetration testing may be used to test the security of VoIP systems in corporations while still meeting legal and ethical parameters.

Yu, W. D., Radhakrishna, R. B., Pingali, S., & Kolluri, V. (2007). Modeling the
measurements of QoS requirements in web service systems. Simulation, 83(1), 75-91.

This article presents a strategy for how penetration testing can be used to strengthen corporate computer network security in business organizations.  With globalization now the trend among business organizations, corporate computer networks are equipped with web services technology to meet the demands it brings.  The article presents a software model that can be used to ensure the quality of service (QoS) of such corporate networks by testing their web service systems.  The model provides techniques for the planning, design, implementation, deployment, operation and maintenance of the overall computer network, against which the process of penetration testing can be evaluated to show whether it is a viable means of strengthening corporate computer network security among business organizations.
