OPERATING SYSTEM SECURITY AND PENETRATION TESTING

H. U. Adoga; E. A. Ezugwu; M. B. Umar

المؤلفون

H. U. Adoga Department of Computer Science, Faculty of Science, Federal University Lafia, Nasarawa State, Nigeria مؤلف
E. A. Ezugwu Department of Computer Science, Faculty of Science, Federal University Lafia, Nasarawa State, Nigeria مؤلف
M. B. Umar Department of Computer Science, Faculty of Science, Federal University Lafia, Nasarawa State, Nigeria مؤلف

الكلمات المفتاحية:

Malware، operating system security، work station virtualization، penetration testing، network security

الملخص

Penetration testing is an integral part of any organization or individual that employs the use of Information Technology services. This ensures that their computing infrastructures are checked for vulnerabilities in a routine manner. This paper explains the processes and phases involved in ethical hacking. In addition, major penetration testing types available are also discussed. A Local Area Network (LAN) was designed in a virtual environment running Linux and Windows Operating Systems. We carried out a white box penetration test on the systems. Kali Linux; an open source Debian-based Linux distribution designed for penetration testing and digital forensics was used for the experiment. Several built-in tools in Kali Linux were used, while going through the main phases of penetration testing. Starting from the reconnaissance phase of the process, information about computers was gathered, the network was scanned for vulnerabilities in the scanning phase, and identified vulnerabilities were exploited in the third phase of the penetration test, which is gaining access. Backdoors to exploited system(s) were created to maintain access and event logs were deleted to prevent detection in the final phase of the process