Penetration testing to identify attacks in enterprise computer systems and networks

Penetration testing or pen test is defined as the simulation of a real-world attack on a target network or application through a wide range of activities. Penetration testing process is held by the auditor of the network or by a designated pen-tester. In technical terms, a pen-test is a methodical system to probe the present system from inbound and outbound corners, to determine the potential vulnerabilities. The system, in this context may refer to a union of hosts or network and/or applications involved in the industry infrastructure.

Pen-testing is not only concerned about technical and machine flaws, but also physical security loopholes and operating system flaws. By using proper pen-testing tools in various phases, with the help of authorised IT professionals, we can prevent cyber-attacks and up the ante of cyber security.

Let’s explore three main pen-testing phases and the tools involved:

Pre-attack phase

In conclusion, penetration testing is a crucial process to protect enterprise systems and network. It should be carefully implemented by using various tools and techniques to achieve a high level of security. Most enterprises understand the use of penetration testing and hire cyber security professionals to prevent their systems and network from malicious attacks. With continuous efforts in fortifying enterprise systems and networks, attacks can be minimised and proper counter measures can be devised and implemented.

Attack phase

This second step in the process is essential for any penetration testing process. It consists of endangering the target with the use of offensive tools. These tools for target probing include social engineering (a broad range of malicious activities accomplished through human interactions), vulnerability test scans, password crackers, wire shark, nessus, burpsuite, meta sploit and NMap. All these are software tools to perform malicious attacks. Once these tools are activated, the first step is to acquire the required privileges, by exploiting the victim and implanting the software to hijack the system. The main purpose of this phase is to maximise the exploitation of the system’s defenses’ flaws.

Post-attack phase

The main aim of this last step is to remove or erase any files or logs, that may point to the activity of the penetration tester. It happens only after the organisation’s network has been exploited and performs a set of actions, that restores the system to its original state. More specifically, it involves actions such as erasing implanted backdoors, cleaning the registry entries, restoring the network devices configuration and removing any connections that were previously made during the attack phase.

This article is written by Latha Manian from the School of Technology.