Network Security Assessment Using Internal Network Penetration Testing Methodology

2018 ◽  
Vol 2 (4-2) ◽  
pp. 360
Author(s):  
Deni Satria ◽  
Alde Alanda ◽  
Aldo Erianda ◽  
Deddy Prayama

The development of information technology poses a new challenge for computer network security systems and the information they contain, yet awareness of the importance of network security systems is still very low. According to a survey conducted by Symantec with 3,300 companies worldwide as respondents, only 13% of respondents consider renewing their company's existing security system within a year to be important. This lack of awareness results in security holes that crackers can use to enter and disrupt the stability of the system. Cyber attacks increase significantly every year, so the security of existing systems needs to be improved every year. A method is therefore needed to periodically assess system and network security using penetration testing, to find any vulnerabilities that exist on the network and on a system so as to increase security and minimize theft or loss of important data. Testing is carried out using the internal network penetration testing method, which tests using 5 types of attacks. From the results of the tests, each system has a security risk of 20-80%. From these results it can be concluded that each system has a security vulnerability that can be attacked.

SinkrOn ◽  
2022 ◽  
Vol 7 (1) ◽  
pp. 147-154
Author(s):  
Deuis Nur Astrida ◽  
Agung Restu Saputra ◽  
Akhmad Ikhza Assaufi

The use of computer networks in an agency aims to facilitate communication and data transfer between devices. The network can use wireless media or LAN cable. At SMP XYZ, most of the computers still use wireless networks. Based on the findings in the field, it was found that there was no user management problem. Therefore, an analysis and audit of the network security system is needed to ensure that the network security system at SMP XYZ is safe and running well. This analysis requires a tool to serve as a benchmark for determining the security of the wireless network. The tool used is the Penetration Testing Execution Standard (PTES), which is one of the tools that has become a standard for analyzing or auditing network security systems in a company, in this case for analyzing and auditing wireless network security systems. The analysis based on this tool shows that there are still many security holes in the SMP XYZ wireless network that allow outsiders to gain illegal access and find vulnerabilities in terms of WPA2 cracking, DoS, wireless router password cracking, and access point isolation, so it can be said that network security at SMP XYZ is still not safe.


TEME ◽  
2020 ◽  
pp. 1013
Author(s):  
Ivica Lj Djordjevic ◽  
Ozren Dzigurski

Depending on the inclination of the authors and the focus of their security research, we recognize two most common approaches: the first focuses on the stability of national governance structures and territorial integrity (state and/or national security); while the second approach focuses on security as a civil right in daily life, the availability of necessary resources and the quality of life. The latter approach is known in theory as the concept of human security. Considering the fact that a comprehensive analysis of the security situation involves elements of both approaches, in the paper we consider the complex relationship between state and non-state security actors through the hybridization of the political system. The mismatch between the level of the national strategy and its operationalization at the level of meeting the needs of citizens requires the introduction of new elements in the space between the strategic and operational levels. The outlined approach can be called the Hybrid Security System because of its potential contribution to raising the level of Human Security (HS) in local communities. We will present the hybrid security system conceptually in the form of a decentralized computer network. The presented diagram of System Dynamics and the proposed model of HS operationalization through the hybridization of security systems using the potential of Information and Communications Technologies are a good basis for the analysis and raising the level of citizens’ security in relation to current threats.


2014 ◽  
Vol 1044-1045 ◽  
pp. 965-967 ◽  
Author(s):  
Lan Jiang

With the rapid development of the economy and society, increasingly prosperous computer network technology has become one of the indispensable elements of human life. From systems as small as every household's personal computer to systems as large as those of countries, all fall within the scope of computer network security systems. Enterprises are the living cells of society, with an important role in financial intermediation, the mining technology and training personnel. Corporate computer systems are an important part of ensuring the high-speed operation of enterprises, summarizing business information and protecting trade secrets; therefore, the more developed computer network technology is, the more important the development and maintenance of corporate computer network security systems becomes. This article explores the design and function of enterprise computer network security system implementations based on the characteristics of computer network security and of enterprise computer network systems.


2018 ◽  
Vol 7 (2) ◽  
pp. 61-67
Author(s):  
Iga Revva Princiss Jeinever

Computer networks are basically not safe to access freely. Security gaps in the network can be found by irresponsible people using various techniques. Opening a port for access carries a high risk of being attacked. Network administrators are therefore required to work harder to secure the computer networks they manage. One form of network security that is often used by network administrators in server management is remote login, such as through the ports for telnet, SSH, etc. A port that is always open is a network security hole that irresponsible people can use to log into the server. Focusing on these problems, this study finds that Random Port Knocking is the right way to increase network security. With Random Port Knocking, the port is opened only as needed, the port automatically changes when a login fails more than three times, and the IP is automatically blocked so that access does not continue; attacks on the network can thus be avoided and the stability of network security further improved. The final result of this research shows that the method applied makes the server safe, because port randomization and IP blocking make irresponsible parties try harder to penetrate the firewall.


2014 ◽  
Vol 1 (3) ◽  
pp. 1-20
Author(s):  
Soumyo D. Moitra

Estimating the benefits of network security systems is important for security decisions since considerable resources are spent on them and organizations need to know the returns on their investments. The objective of the model presented here is to improve management decisions. Better decisions imply greater security for the budget. This model has a number of novel features such as a probabilistic sub-model for the detection and response process, a new attack/damage matrix based on damage-type and cyber-attacks by category, and extensive sensitivity analyses. The results suggest a number of insights into the factors affecting the benefits from sensors such as the effects of non-linear relationships between the rate of attacks and the damages caused. The key role of the value of sensitive information is identified. The model helps identify the conditions under which a new security system provides enough benefits to justify its purchase.


2011 ◽  
Vol 181-182 ◽  
pp. 799-803
Author(s):  
Yan Li Xu ◽  
Ling Ling Wang

To strengthen network security and to enhance the accuracy of network security risk assessment, the essay conducts a game analysis of the protective mechanisms of the security system. Using the basic theory of games and the analytical and comparative method, and raising the network security and physical model for the security system, this process will protect and improve the network security. In setting up the model, we did not rely on traditional game theory, but creatively set behavior of the game for a large number of players for the limit logos of groups in the model, and paid more attention to the detection system reaching a state of stability. Analysis shows that the proposed models and the method are feasible and effective.


2010 ◽  
Vol 108-111 ◽  
pp. 948-953 ◽  
Author(s):  
Hao Yuan

Based on research into domestic and foreign vulnerability assessment systems, in this paper we propose an improved network security assessment method based on an Immunity algorithm. It integrates the advantages of both host-based and network-based scan systems. Our goal is to explore the known security vulnerabilities and to check hosts' security effectively as well. The method is self-adaptive, distributed, and real-time. Therefore, it provides a good solution to risk assessment for network security.


Author(s):  
Yosua Ade Pohan ◽  
Yuhandri Yunus ◽  
S Sumijan

The Regional Tax Reporting Application Webserver is one of the public services for taxpayers to report their sales transactions. This application can be accessed on the domain http://sptpd.payakumbuhkota.go.id. This application is public, so the principles of information security must be applied to prevent cyber attacks. The principles of information security include confidentiality, integrity, and availability. To apply these information security principles, it is necessary to conduct a vulnerability assessment of the application webserver. This study aims to improve the security of the application webserver so that the data and information in it are secure. The method used in this study is the Penetration Testing Execution Standard, which is one of the methods developed by the Pentest Organization to become a standard in analyzing or auditing security systems. Vulnerability testing using the software Acunetix, Nikto, BurpSuite and OWASP found seven types of vulnerabilities, namely: X-Frame Header Options is Missing, CSRF Attack, Cookie Without Only Flash, DNS Vulnerability, DDoS Attack, Bruteforce Page Login and Open Port. The vulnerabilities can be exploited, and the level of application vulnerability is in the medium category. The recommendations for fixing vulnerabilities can be applied by the developer, so that after repairs are made, the vulnerability level of the application webserver is in the low category and there is only one type of vulnerability, namely BruteForce Page


Author(s):  
Yosua Ade Pohan

The Regional Tax Reporting Application Webserver is one of the public services for taxpayers to report their sales transactions. This application can be accessed on the domain http://sptpd.payakumbuhkota.go.id. This application is public, so the principles of information security must be applied to prevent cyber attacks. The principles of information security include confidentiality, integrity, and availability. To apply these information security principles, it is necessary to conduct a vulnerability assessment of the application webserver. This study aims to improve the security of the application webserver so that the data and information in it are secure. The method used in this study is the Penetration Testing Execution Standard, which is one of the methods developed by the Pentest Organization to become a standard in analyzing or auditing security systems. Vulnerability testing using the software Acunetix, Nikto, BurpSuite and OWASP found seven types of vulnerabilities, namely: X-Frame Header Options is Missing, CSRF Attack, Cookie Without Only Flash, DNS Vulnerability, DDoS Attack, Bruteforce Page Login and Open Port. The vulnerabilities can be exploited, and the level of application vulnerability is in the medium category. The recommendations for fixing vulnerabilities can be applied by the developer, so that after repairs are made, the vulnerability level of the application webserver is in the low category and there is only one type of vulnerability, namely Brute Force Page Login.


2020 ◽  
Vol 72 (4) ◽  
pp. 162-167
Author(s):  
S.A. Аdiljanova ◽  
◽  
G.A. Тulepberdinova ◽  
M.J. Sakypbekova ◽  
N.A. Тekesbayeva ◽  
...  

The article discusses the possibility of modifying the genetic algorithm (GA) to solve the problems of selection, optimization and management of the dynamic configuration of information security means for the security chain of information and communication systems (ICS). The scientific novelty of the work lies in the fact that GA recommends using the total cost of information loss risks, as well as cost indicators for each class of information security systems as a criterion for optimizing the composition of the information security system. The genetic algorithm is considered as a kind of problem associated with multiple choice when optimizing the choice of information content of information security and solving problems of dynamic management of cybersecurity resources. In this concept, the optimization of the placement of the information security system along the security chain is considered as a modification of the combined backpack problem. The proposed approach allows not only to quickly calculate various versions of software and hardware information systems and their combinations for ICS, but also to dynamically manage the proposed algorithm with existing models and algorithms to optimize the composition of ICS cybersecurity chains and cybersecurity resources of various information objects. It is possible that such a combination of models and algorithms will quickly restore ICS protection by configuring profiles in accordance with the classes of new threats and cyber attacks.

