Penetration Testing and Network Auditing: Linux

Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

[1]  Kenneth Geers Cyber Weapons Convention , 2010, Comput. Law Secur. Rev..

[2]  Hannes Holm Performance of automated network vulnerability scanning at remediating security issues , 2012, Comput. Secur..

[3]  Charles B. Silio,et al.  Procedure for detection of and response to Distributed Denial of Service cyber attacks on complex enterprise systems , 2012, 2012 IEEE International Systems Conference SysCon 2012.

[4]  Ning Du,et al.  Generation and Analysis of Attack Graphs , 2012 .

[5]  Agustín Orfila,et al.  Analysis of update delays in signature-based network intrusion detection systems , 2011, Comput. Secur..

[6]  Ronaldo M. Salles,et al.  Botnets: A survey , 2013, Comput. Networks.

[7]  Edward Amoroso,et al.  Cyber attacks: awareness , 2011, Netw. Secur..

[8]  Santosh Biswas,et al.  LAN attack detection using Discrete Event Systems. , 2011, ISA transactions.

[9]  Li Yang,et al.  Snort-based Campus Network Security Intrusion Detection System , 2012 .

[10]  Nils Kalstad Svendsen,et al.  Cracking Associative Passwords , 2012, NordSec.

[11]  Jianhua Li,et al.  Building network attack graph for alert causal correlation , 2008, Comput. Secur..

[12]  Kenneth Geers,et al.  The challenge of cyber attack deterrence , 2010, Comput. Law Secur. Rev..

[13]  Rachid Beghdad,et al.  Efficient deterministic method for detecting new U2R attacks , 2009, Comput. Commun..

[14]  Won Kim,et al.  The dark side of the Internet: Attacks, costs and responses , 2011, Inf. Syst..