On the Review and Setup of Security Audit using Kali Linux

The massive development of technology, especially in computers, mobile devices, and networking, has brought security issues forward as a primary concern. Computers and mobile devices connected to the Internet are exposed to numerous threats and exploits. With penetration testing, the vulnerabilities of a system can be identified, and a simulated attack can be launched to determine how severe those vulnerabilities are. This paper reviews some security concepts, including penetration testing, security analysis, and security audit. Kali Linux is the most popular penetration testing and security audit platform, with advanced tools to detect vulnerabilities in the target machine. For this purpose, Kali Linux setup and installation are described in more detail. Moreover, a method to install a vulnerable server is also presented. Further research, including simulated attacks on a vulnerable server on both web and firewall systems, will be conducted.
