Discussion Question :: Securing System Access and Sessions
To begin, read the following: https://www.veracode.com/security/penetration-testing
Given this information, research Kali Linux, including the tools it contains and how it can assist a penetration tester in identifying vulnerabilities in the network. Once you have done that, answer the following questions as though you were an internal or external penetration test firm assisting a Saudi company in strengthening their systems, framework, and network.
1. How does the penetration test differ from other types of security testing – such as a vulnerability assessment?
2. What is your process for performing the penetration test? Explain in detail and discuss the process and tools that would be used.
3. How will you protect the company’s data during and after testing?
4. How will you ensure the availability of systems and services while the test is taking place?
These last two will be key. Unless you are performing the penetration test when their users are not active, it will be necessary to catalog how you will do this without disrupting business or destroying data.
In preparing your response, cite at least one source from professional or academic literature, such as articles from peer-reviewed journals and relevant textbooks. For this course, the use of Wikipedia is not considered an academic or professional reference. You should also be sure to proof-read and spell-check your responses. All sources should be formatted per APA style guidelines.
1. A penetration test differs from other types of security testing in that it is always designed around a set, simulated attacker goal and is normally ordered by customers who feel they are already at their desired security posture, unlike other security tests. A penetration test delivers a specific report on how security was defeated to achieve an agreed goal.