Abstract
Network security is a growing concern in the modern world, irrespective of the size or volume of the organization. Penetration testing is one of the techniques used for network and systems security assessment. It involves legally attempting to break into the network to check for available vulnerabilities and exploits, simulating what a real hacker might do. It can enhance the security of the network because it looks for exploits and vulnerabilities present in the system and then comes up with ways to mitigate the risks. In this paper, a virtual network laboratory is designed and set up to conduct the penetration test by demonstrating attacks and intrusion into the network infrastructure. The Kali Linux operating system is used to perform penetration testing. Information gathering, vulnerability analysis, exploitation and reporting are also presented as part of penetration testing, followed by a penetration testing methodology. Theoretical background on penetration testing is also discussed. Information gathering tools (Dmitry, Nmap and Zenmap), vulnerability scanning tools (Nexpose Community, Nessus, GFI LanGuard and OpenVAS) and exploitation tools (Armitage, Metasploit Framework) are used to simulate possible attacks.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kumar, R., Tlhagadikgora, K. (2019). Internal Network Penetration Testing Using Free/Open Source Tools: Network and System Administration Approach. In: Luhach, A., Singh, D., Hsiung, PA., Hawari, K., Lingras, P., Singh, P. (eds) Advanced Informatics for Computing Research. ICAICR 2018. Communications in Computer and Information Science, vol 956. Springer, Singapore. https://doi.org/10.1007/978-981-13-3143-5_22
DOI: https://doi.org/10.1007/978-981-13-3143-5_22
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-3142-8
Online ISBN: 978-981-13-3143-5
eBook Packages: Computer Science, Computer Science (R0)