Title: Vulnerability And Penetration Testing

Name: Jeffery Felix Brown

Class: Computer Networks and Security ITCO361-1501B-01

Date: April 20, 2015

Time: 11:55 p.m. E.S.T.

Explanation on Penetration Testing and Vulnerability

Assessment. {Part 1}

• Penetration Testing is a service to design an stimulate any attack on Operating Systems, in any Partners Environment.

• In defining the Characteristic toward Penetration Testing that individuals that will actively in attacking a number of Systems to Scope similar Methods actually attackers will used.

• For as Penetration can always be done within a {Black Box Manner}, how none of the information provided for the Testing Team or specific information given to the Testing Team giving for a Jumps Start in the Right Things.

• Advantages for Penetration Test to demonstrate the way Critical Topics in the form of Patch Management to the Organization.

• Lastly, Penetration Testing useful in the later stage of a Vulnerability Management processing for validating that nothing been overlook.

Explanation on Penetration Testing and Vulnerability

Assessment. {Part 2}

• Vulnerability Assessment gives service to design for Analyzing these Hosts within the Scope an locate Areas where attacks might more likely to occur, cutting out unnecessary exploiting issues Locations.

• For vulnerability Assessment sometimes involve investigation of any Machine by determining whether current Patches being Applied.

• Advantage of Vulnerability Assessment is the Enterprise are looking at large number of Systems and having feedback on each of them.

• Disadvantage in Vulnerability Assessment are the actual Attacks that aren’t being Performed, but sometimes is difficult in simultaneous tested toward incident response procedures or other Migration Controls.

• In general Vulnerability Assessment are useful in activity to evaluate every process in Control, to put into place as a Patch Management for security configuration of the Host to a degree as security is associated with System Administration Processes

Identify Benefits Using Penetration Testing and

Vulnerability Assessments Relative to Threats.

There are several reason why Organizations always performs Vulnerability and

Penetrations Testing:

• First, to help identify Threats in facing your Organization’s information Assets.

• Secondly, with this information can qualify Data risks an provide adequacy for Security

Funding.

• Third, Reduce the IT Security Cost and gives better in returns for IT Security Investment

by identifying and resolving Vulnerabilities Weaknesses.

• Fourth, Maintaining a Secure to complete the Environment in providing Organization

Management with reasonable assurance that adequate Controls, that is put into place a

Limit to Risks in exposure for Hackers and Attackers.

Discuss Tools Available and Explain their usage in the

Industry Toward Migrate Security Vulnerabilities.

• Network Mapper {Nmap} are one of the popular free Tool used for Security Scanning and Auditing for UNIX and Microsoft Platforms.

• Nessus is one of the Vulnerability Scanner that are available for the UNIX and Microsoft Platform, has a built-in port scans to generate a Report, by displaying all results from the Scan to migrate vulnerabilities.

• Analysis Tool are to help in determine vulnerabilities for endpoint Devices, in such as Network Hosts and Servers.

• Knoppix STD {Knoppix Security Tool Distribution is a LinuxLive CD distribution contains numerous Valuable Security Tools. Knoppix STD have many useful features like [Encryption, Firewall, Network utilities, and Packet Sniffers].

• Microsoft Baseline Security Analyzer {MBSA} is a Software that Scans Hosts running the Windows Software [2000, XP, and Windows Server 2003] Operating Systems, in determining these potential security risks.

References:

Moyle, E. (2007, May 21). Vulnerability and Penetration Testing: What's

the Difference? Retrieved April 20, 2015, from

www.technewsworld.com/rstory/57458.html

Edmead, M. (2007, September 8). The Importance of Performing

Vulnerability & Penetration Testing. Retrieved April 20, 2015, from

www.wib.org/publication_resources/article_library/2007-

08/aug07_vulnerability.html

Chapter 1: Vulnerabilities, Threats, and Attacks. (2006, September 7).

Retrieved April 20, 2015, from www.scafbook.net/read/02-16251s1i-qxd-

9706-1104-am-page-1-vulnerabilities-threats-5475095/