PEN Testers Methodology

School: Grand Canyon University

Course: 340

Subject: Computer Science

Date: Dec 6, 2023


Brian Centers
ITT – 340
December 13, 2022
Professor Ingrid Gaviria

Cyber-attackers utilize the same five methods that are used for penetration testing when coordinating an attack on a network or software program. The first step is reconnaissance, where the attacker plans the attack by gaining as much information and knowledge about the target as possible, similar to a PEN tester gathering as much information as they can about the system or software they plan on using for their test attack. The next step, scanning, is where attackers use scanning tools such as port scanners, vulnerability scanners and dialers to acquire information such as IP addresses, user accounts and computer names, whereas PEN testers use scanning tools to learn about vulnerabilities in the environment they will be testing. Gaining system access is the next step: attackers use the information and knowledge they have gathered about the target to infiltrate the network or system, just as PEN testers do when exploiting the weaknesses on the system they are using. Once access has been established, the next step is to maintain persistent access, where attackers use any means to keep their access, with either multiple attacks or viruses, and carry out their attack until the job is done, similar to PEN testers trying to keep their test running as long as possible while trying to accrue the maximum number of privileges, the maximum number of accounts, and as much information about the network as possible. Finally, the last step for the attacker is to clear their footprint of the attack by clearing out all of the data they may have inputted or by completely erasing or disabling the network or system, just as a PEN tester would do an analysis of their findings from the test they performed.

For PEN testers, these five methods are absolutely necessary to conduct a proper test. Reconnaissance is required to gather as much information as necessary to learn about the system and develop a plan. Scanning is also vital because the tester needs to learn about the weaknesses of the environment they will be infiltrating to coordinate a successful test. Gaining system access is probably the most important step because this is where the tester can carry out the test to see how much damage they can cause within the system. Maintaining system access is crucial as well because the tester needs to see how long they can carry out their test to learn just how long an actual attack could last in the environment. The final step, analysis, yields important information that the tester gathers about the test so that they can implement their findings in the actual environment to better protect it against attacks.

The ultimate motivation for an organization to perform such penetration testing cyber operations is security for its network and its data. One attack could ultimately force an organization to close its doors for good should the attack compromise enough data, so the more protection an organization has, the better its chances of staying in business.

The use of the flaw hypothesis methodology directly intersects with the PEN testers methodology in that the flaw hypothesis methodology uses penetration testing to determine how strong the security of a network or software is for an organization.

To make a decision or align legal and ethical issues of cybersecurity with the Christian worldview, you must consider what the intent is. Penetration testing is also considered ethical hacking, in that the testing is done to learn about a network's or software's flaws to better protect the network or software against the bad actors of the world. The testing is done for the greater good of the organization and for protection against the evils of the cyber world, even though cyber-attackers utilize these same methods when performing their attacks. Many people's lives could be drastically altered should an organization be a victim of a cyber-attack, and protecting these people is exactly what penetration testing will do for the organizations.