As most of you are probably aware, Internet Protocol (IP) is what a network orga

Question

As most of you are probably aware, Internet Protocol (IP) is what a network organization’s internet uses to communicate with otherinternets located on the overall Internet.  So an organizations internet is a compilation of its LAN(s), Intranet, MAN, or perhaps private WAN.  To identify these components each has a logical IP address for example 10.1.1.5 which is associated with its hardware address cf:df:bc:de:ac:12.  This is how data in whatever form, voice, video, or alphanumeric is routed from one to one, one to many, many to many and so on.

Given the above what tools might use to conduct penetration tests when performing an, Initial network scanning, Low-Level IP assessment, and a Vulnerability assessment?

Explanation / Answer

Hi,

Before I mention the tools that are used to perform a vulnerability assessment, first I would like to talk about:
1) What is Security Testing
2) Different type of threats which can be used to take advantage of security vulnerability.
3) The tools that are generally used to conduct penetration tests.

1) What is security testing: It is designed to assess your security level before anyone else does.
These tools simulate real-world attack scenarios and discover security gaps that can lead to its vulnerability (stolen records, compromised credentials, intellectual property, cardholder data, data ransom).
It identifies any threats through white hat attack or a black hat attack.
It identifies the magnitude of the attack on potential business.

These are the general attributes that any tester gives attention to while testing:

2) Different type of threats which can be used to take advantage of security vulnerability:

Privilege elevation: It is a class of attack where a hacker has an account on a system and uses it to increase his system privileges to a higher level than he/she was not meant to have.
SQL injection: It is the most common application layer attack technique used by hackers, in which malicious SQL statements are inserted into an entry field for execution.
Unauthorized data access: One of the more popular types of attacks is gaining unauthorized access to data within an application. Data can be accessed on servers or on a network.
URL manipulation: It is the process of manipulating the website URL query strings & capture of the important information by hackers.
Data manipulation: In this a hacker changes data used by a website in order to gain some advantage or to embarrass the website’s owners.
Identity spoofing: It is a technique where a hacker uses the credentials of a legitimate user or device to launch attacks against network hosts, steal data or bypass access controls.

3) The tools that are generally used to conduct penetration tests for Initial network scanning,
Low-Level IP assessment the tools generally used are (work for all security or penetration purposes):

1)Vega
2)All-in-one netflow analyzer
3)Free PC Audit
4)netTerrain DCIM
5)kentik
6)RandomBytes
7)Statlook
8)Best VPN Services
9)Cloudwards

Once all the vulnerabilities have been discovered, they need to be eliminated by the tester or by the person who is testing it.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.