Penetration Testing and Mitigation of Vulnerabilities Windows Server

Cyber attack has become a major concern over the past few years. While the technical capability to attack has declined, hacking tools both simple and comprehensive are themselves evolving rapidly. Certain approaches are necessary to protect a system from cyber threats. This work engages with comprehensive penetration testing in order to find vulnerabilities in the Windows Server and exploit them. Some forms of method penetration testing have been used in this experiment, including reconnaissance probes, brute force attacks based on password guessing, implanting malware to create a backdoor for escalating privileges, and flooding the target. This experiment was focused on gaining access in order to ascertain the identities of hackers and thus better understand their methods and performed penetration testing to evaluate security flaws in the Windows Server, which is a famous OS for web applications. It is expected that this work will serve as a guideline for practitioners who want to prepare and protect their systems before putting them online.

[1]  Ali A. Ghorbani,et al.  Toward developing a systematic approach to generate benchmark datasets for intrusion detection , 2012, Comput. Secur..

[2]  Ray Hunt,et al.  A taxonomy of network and computer attacks , 2005, Comput. Secur..

[3]  Neil Barrett,et al.  Penetration testing and social engineering: Hacking the weakest link , 2003, Inf. Secur. Tech. Rep..

[4]  Hannes Holm Performance of automated network vulnerability scanning at remediating security issues , 2012, Comput. Secur..

[5]  Robert Bruen Intrusion Detection Systems: Problems and Opportunities , 2001, Softw. Focus.

[6]  Richard J. Potts Hacking: The threats , 1989 .

[7]  Danny Bradbury Hands-on with Metasploit Express , 2010, Netw. Secur..

[8]  E.Eugene Schultz RPC in Windows: RPC in Windows systems: what you don't know could hurt you , 2004 .

[9]  James Conrad Seeking help: the important role of ethical hackers , 2012, Netw. Secur..

[10]  Jian Hua,et al.  The economic impact of cyber terrorism , 2013, Journal of strategic information systems.

[11]  Emil Scarlat,et al.  Managing Information Technology Security in the Context of Cyber Crime Trends , 2012, Int. J. Comput. Commun. Control.

[12]  Yashwant K. Malaiya,et al.  Modeling vulnerability discovery process in Apache and IIS HTTP servers , 2011, Comput. Secur..

[13]  Robert A. Martin Managing Vulnerabilities in Networked Systems , 2001, Computer.

[14]  Agustín Orfila,et al.  Analysis of update delays in signature-based network intrusion detection systems , 2011, Comput. Secur..

[15]  Steve Mansfield-Devine DDoS: threats and mitigation , 2011, Netw. Secur..

[16]  Kenneth Geers Cyber Weapons Convention , 2010, Comput. Law Secur. Rev..

[17]  Richard P. Lippmann,et al.  An Overview of Issues in Testing Intrusion Detection Systems , 2003 .

[18]  David Schneider,et al.  The state of network security , 2012, Netw. Secur..

[19]  John L. Rice,et al.  Cybercrime: Understanding and addressing the concerns of stakeholders , 2011, Comput. Secur..

[20]  Thomas Wilhelm,et al.  Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research , 2007 .

[21]  Shari Lawrence Pfleeger,et al.  A methodology for penetration testing , 1989, Comput. Secur..

[22]  George F. Riley,et al.  Intrusion detection testing and benchmarking methodologies , 2003, First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings..

[23]  Ajith Abraham,et al.  Feature deduction and ensemble design of intrusion detection systems , 2005, Comput. Secur..

[24]  Steve Mansfield-Devine,et al.  Hacktivism: assessing the damage , 2011, Netw. Secur..

[25]  Deris Stiawan,et al.  Penetration Testing and Network Auditing: Linux , 2015, J. Inf. Process. Syst..

[26]  Clive Blatchford Hacking: An abuse of privilege , 1989 .

[27]  Rachid Beghdad,et al.  Critical study of neural networks in detecting intrusions , 2008, Comput. Secur..

[28]  Maria Papadaki,et al.  The Problem of False Alarms: Evaluation with Snort and DARPA 1999 Dataset , 2008, TrustBus.

[29]  E.Eugene Schultz Windows 2000 Security , 2004 .

[30]  Rachid Beghdad,et al.  Efficient deterministic method for detecting new U2R attacks , 2009, Comput. Commun..

[31]  Paul Turner,et al.  Technical, legal and ethical dilemmas: distinguishing risks arising from malware and cyber-attack tools in the ‘cloud’—a forensic computing perspective , 2012, Journal of Computer Virology and Hacking Techniques.