Browse > Article
http://dx.doi.org/10.3745/JIPS.03.0013

Penetration Testing and Network Auditing: Linux  

Stiawan, Deris (Dept. Computer Engineering, Faculty of Computer Science, Sriwijaya University)
Idris, Mohd. Yazid (Department of Computing, Universiti Teknologi Malaysia)
Abdullah, Abdul Hanan (Department of Computing, Universiti Teknologi Malaysia)
Publication Information
Journal of Information Processing Systems / v.11, no.1, 2015 , pp. 104-115 More about this Journal
Abstract
Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.
Keywords
Network attack; network auditing; network forensic;
Citations & Related Records
연도 인용수 순위
  • Reference
1 E. G. Amoroso, "Cyber attacks: awareness," Network Security, vol. 2011, pp. 10-16, 2011.
2 G. Kenneth, "The challenge of cyber attack deterrence," Computer Law & Security Review, vol. 26, pp. 298-303, 2010.   DOI   ScienceOn
3 W. Kim, O.-R. Jeong, C. Kim, and J. So, "The dark side of the Internet: Attacks, costs and responses," Information Systems, vol. 36, pp. 675-705, 2011.   DOI   ScienceOn
4 G. Kenneth, "Cyber Weapons Convention," Computer Law & Security Review, vol. 26, pp. 547-551, 2010.   DOI   ScienceOn
5 S. Zhang, J. Li, X. Chen, and L. Fan, "Building network attack graph for alert causal correlation," Computers & Security, vol. 27, pp. 188-196, 2008.   DOI   ScienceOn
6 C. Wang, N. Du, and H. Yang, "Generation and Analysis of Attack Graphs," Procedia Engineering, vol. 29, pp. 4053-4057, 2012.   DOI   ScienceOn
7 H. Gascon, A. Orfila, and J. Blasco, "Analysis of update delays in signature-based network intrusion detection systems," vol. 30, pp. 613-624, 2011.   DOI   ScienceOn
8 H. Holm, "Performance of automated network vulnerability scanning at remediating security issues," Computers & Security, vol. 31, pp. 164-175, 2012.   DOI   ScienceOn
9 K. Helkala, N. Svendsen, P. Thorsheim, and A. Wiehe, "Cracking Associative Passwords," in Secure IT Systems. vol. 7617, A. Josang and B. Carlsson, Eds., ed: Springer Berlin Heidelberg, 2012, pp. 153-168.
10 R. Beghdad, "Efficient deterministic method for detecting new U2R attacks," Computer Communications, vol. 32, pp. 1104-1110, 2009.   DOI   ScienceOn
11 S. S. C. Silva, R. M. P. Silva, R. C. G. Pinto, and R. M. Salles, "Botnets: A survey," COMPUTER NETWORKS, vol. 57, pp. 378-403, 2013.   DOI   ScienceOn
12 P. C. Hershey and C. B. Silio, "Procedure for detection of and response to Distributed Denial of Service cyber attacks on complex enterprise systems," in Systems Conference (SysCon), 2012 IEEE International, 2012, pp. 1-6.
13 L. Yang and D. Weng, "Snort-based Campus Network Security Intrusion Detection System Information Engineering and Applications." vol. 154, R. Zhu and Y. Ma, Eds., ed: Springer London, 2012, pp. 824-831.
14 PCRG. (2012). Intrusion & Threat Detection Universiti Teknologi Malaysia Dataset (ITD UTM). Available: http://pcrg-utm.org/dataset/
15 N. Hubballi, S. Biswas, S. Roopa, R. Ratti, and S. Nandi, "LAN attack detection using Discrete Event Systems," ISA Transactions, vol. 50, pp. 119-130, 2011.   DOI   ScienceOn
16 C. P. software. (2012). Riverbed$^{(R)}$ Cascade$^{(R)}$ Pilot software. Available: http://www.riverbed.com/us/products/cascade/cascade_pilot.php