Network Security Assessment Using Internal Network Penetration Testing Methodology

Deni Satria - Politeknik Negeri Padang, Indonesia
Alde Alanda - Politeknik Negeri Padang, Indonesia
Aldo Erianda - Politeknik Negeri Padang, Indonesia
Deddy Prayama - Politeknik Negeri Padang, Indonesia


Citation Format:



DOI: http://dx.doi.org/10.30630/joiv.2.4-2.190

Abstract


The development of information technology is a new challenge for computer network security systems and the information contained in it, the level of awareness of the importance of network security systems is still very low. according to a survey conducted by Symantec, the desire to renew an existing security system within a year within a company has the result that only 13% of respondents consider changes to the security system to be important from a total of 3,300 companies worldwide as respondents. This lack of awareness results in the emergence of security holes that can be used by crackers to enter and disrupt the stability of the system. Every year cyber attacks increase significantly, so that every year there is a need to improve the security of the existing system. Based on that, a method is needed to periodically assess system and network security by using penetrarion testing methods to obtain any vulnerabilities that exist on the network and on a system so as to increase security and minimize theft or loss of important data. Testing is carried out by using internal network penetration testing method which tests using 5 types of attacks. From the results of the tests, each system has a security risk of 20-80%. From the results of these tests it can be concluded that each system has a security vulnerability that can be attacked.

Keywords


Penetration testing; network security; vulnerability;network

Full Text:

PDF

References


Gupta, A., Kavita, & Kirandeep, K. (2013). Vulnerability assessment and penetration testing. International Journal of Engineering Trends and Technology, 4(3), 328.

Felderer, M., Büchler, M., Johns, M., Brucker, A. D., Breu, R., & Pretschner, A. (2016). Chapter one-security testing: A survey. Advances in Computers, 101, 1–51.

Hamisi, N.Y., Mvungi, N.H., Mfinanga, D.A. and Mwinyiwiwa, B.M.M., “Intrusion detection by penetration test in an organization networkâ€, ICAST 2009.

Kaur, M. S., & Singh, M. S. (2016). Penetration testing management. International Journal of Advanced Research in Computer and Communication Engineering, 5(3), 171–177.

Klı´ma, T. (2016). PETA: Methodology of information systems security penetration testing. Acta Informatica Pragensia, 5(2), 98–117.

Mattadi, E., & Kumar, K. V. (2015). Evaluation of penetration testing and vulnerability assessments. International Journal of Electronics Communication and Computer Engineering, 6(5), 144–148.

Pritchett Willie L, S. D. (2013). Kali Linux Cookbook. Birmingham,UK: Packt Publishing Ltd.

Endraca, A, King, B., Nodalo, G., Maria, M. S., & Sabas, I.(2013). Web Application Firewall (WAF). International Journal of eEduciation, e-Business, e-Management and e-Learning

Pritchett Willie L, S. D. (2013). Kali Linux Cookbook. Birmingham,UK: Packt Publishing Ltd.

Muniz Jospeh, L. A. (2013). Web Penetration Testing with Linux. Birmingham, UK: Packt Publishing Ltd.

A.K. Kyaw, F. Sioquim, and J. Joseph, “Dictionary attack on Wordpress: Security and forensic analysis,†in 2015 2nd International Conference on Information Security and Cyber Forensics, InfoSec 2015, 2016, p. 158–164.

S.P. Ganesh and G. Anandhi, “Database Security: A Study on Threats And Attacksâ€, International Journal on Recent and Innovation Trends in Computing and Communication, vol. 4(6), pp. 512-513, 2015.