Effective penetration testing with Metasploit framework and methodologies

Author

Holik, F. ; Horalek, J. ; Marik, O. ; Neradova, S. ; Zitta, S.

Author_Institution

Fac. of Electr. Eng. & Inf., Univ. of Pardubice, Pardubice, Czech Republic

fYear

2014

fDate

19-21 Nov. 2014

Firstpage

237

Lastpage

242

Abstract

Nowadays, information security is very important, because more and more confidential information, like medical reports, is being stored electronically on computer systems and those systems are often connected to computer networks. This represents new challenges for people working in information technology. They have to ensure that those systems are as much secure as possible and confidential information will not be revealed. One possible way how to prove system security is to conduct regular penetration tests - e.g. simulate attacker´s malicious activity. This article briefly introduces the basics of penetration testing and shows how to deploy and use Metasploit framework when conducting penetration testing. Finally, a case study in production environment is shown. Software tools and techniques described in this work are also valid and applicable for SCADA systems and moreover in any other field where computer networks are used.

Keywords

computer network security; Metasploit framework; SCADA systems; attacker malicious activity simulation; computer networks; confidential information; information security; penetration testing; software tools; Computers; Operating systems; Ports (Computers); Production; Security; Testing; Metasploit; Nessus; Nmap; Open VAS; exploit; penetration testing; vulnerability;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on

Conference_Location

Budapest

Type

conf

DOI

10.1109/CINTI.2014.7028682

Filename

7028682