Title :
Effective penetration testing with Metasploit framework and methodologies
Author :
Holik, F. ; Horalek, J. ; Marik, O. ; Neradova, S. ; Zitta, S.
Author_Institution :
Fac. of Electr. Eng. & Inf., Univ. of Pardubice, Pardubice, Czech Republic
Abstract :
Nowadays, information security is very important, because more and more confidential information, like medical reports, is being stored electronically on computer systems and those systems are often connected to computer networks. This represents new challenges for people working in information technology. They have to ensure that those systems are as much secure as possible and confidential information will not be revealed. One possible way how to prove system security is to conduct regular penetration tests - e.g. simulate attacker´s malicious activity. This article briefly introduces the basics of penetration testing and shows how to deploy and use Metasploit framework when conducting penetration testing. Finally, a case study in production environment is shown. Software tools and techniques described in this work are also valid and applicable for SCADA systems and moreover in any other field where computer networks are used.
Keywords :
computer network security; Metasploit framework; SCADA systems; attacker malicious activity simulation; computer networks; confidential information; information security; penetration testing; software tools; Computers; Operating systems; Ports (Computers); Production; Security; Testing; Metasploit; Nessus; Nmap; Open VAS; exploit; penetration testing; vulnerability;
Conference_Titel :
Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on
Conference_Location :
Budapest
DOI :
10.1109/CINTI.2014.7028682
