The Penetration Test Process: Possible Causes of Vulnerabilities (Coursework Sample)

Penetration Testing Plan
Name of student
Institutional Affiliation
Penetration Testing Plan
1 EXECUTIVE SUMMARY
Penetration testing, also known as Pen Testing, is the process by which an organization checks it vulnerabilities in their system, network or web application to ensure that all the loop holes that attackers can exploit are sealed. It is basically a means to measure the security of the IT infrastructure of an organization.
The organization test the vulnerability of their system and exploit the flaws in various sectors of the system such as the Operating System, end-user behavior, and wrong configurations. This tests ensure that the security of the system is adhered to using defensive mechanisms and also the user is updated on the security strategies used. The details of the security issues found during these tests are collected and combined. They are then given to the Network Systems manager for review and solution generation. (Petukhov & Kozlov 2008)
Diagram 1: The Penetration Test Process (Petukhov & Kozlov 2008)
Possible Causes of Vulnerabilities
* Human errors
* Wrong configuration of the system
* Problems that may arise in the design stage of the system.
Advantages of Penetration Testing
* Maintain positive rating of the company
* Pen testing can be done during a system upgrade to ensure no vulnerabilities are available
* Gives the possibility to assess the network efficiency of the company
* Network down time costs is significantly reduced
* Gives the opportunity to take care of flaws intelligently
(Bacudio et al. 2011)
Penetration Testing is done using tools that can discern the flaws in the system automatically. However, these tools might sometimes discern flaws that are not available originally. The major qualities of a proper penetration tester include the following:
* Must be able to plan and implement suitable procedures
* Maintain a reasonable cost benefit when it comes to selection of tools
* Must be up to date with the current security issues
* Be able to come up with a comprehensive report of security issues and mitigation measures
2 OVERVIEW
InfoTech technologies did a security assessment or penetration testing of WAKE.LTD with the aim of reviewing the security features of their internet infrastructure so as to identify any vulnerabilities of their system and fix them. It thereby considered to change the e-mail and alliance services to be delivered through Cloud Computing services and software.
3 SCOPE
This penetration test was aimed at analyzing the internet infrastructure of WAKE LTD and coming up with a relevant solution to overcome any flaws that were found. The e-mail services currently delivered were found to be vulnerable and at risk of security breach and it was therefore considered to shift this to a more secure Cloud computing service.
Objectives of the Test
The objectives of this penetration test will be highlighted based on the category under consideration. That is business, technical and management aspects.
Business Objectives
When it was found necessary to eradicate the old system of e-mail services for a much newer cloud service, it became a good move for the client in terms of meeting certain business objectives. The first step in the process was to come up with a plan to on the replacement of the current system with the new one and provide a perfect transition from the old services to the new one without compromising the service provision. (Antunes & Vieira 2011)
These objectives include the following as outlined below:
* To provide a better storage capacity, if possible unlimited storage, in order to retain more e-mail by users.
* Improve the system regularly through frequent updates giving users more current service offers.
* To provide a faster and more durable search ability.
* Expand the company’s capabilities when it comes to online activity and social media access.
The transition process from the old system to the new one is also vital through careful planning so as not to interfere with the business activities:
* Come up with an exit plan that will be done through thorough planning to ensure a smooth transition from the old system to the new one.
* A data transfer process that will ensure no data loss from the previously existing data.
Technical Objectives
The technical objectives of the company from this plan involves a reliable system and at the same time follow the required regulation with a high level of professionalism. The service to be provided also has to be able to be customized in the future if need arises. The objectives based on this guidelines are as outlined:
* A service that is sustainable that will ensure the users still have access even when one of the provider location fails.
* The ability of the system to have backup and recovery options.
* Provide a system that is dependable
Management Objectives
The aim of this section is to look at the objectives that management and customer support.
* Provide a system that can provide reports for management purposes.
* Able to develop invoices for services related to management.
4 ASSUMPTIONS
The solution to this test was developed amid certain constraints that were encountered during the process. The contractor addressed these constraints and assumptions as well as they could depending on the limitations encountered. These constraints were seen to revolve around laws, rules, technological standards and limitations encountered during the entire process (McLaughlin 2011). These constraints include the following:
1 Accessibility
The company shall give access to the contractor who performs the penetration test depending on the company’s access laws and regulations. The company shall at its own discretion limit the access based on the n...