Internal Network Penetration Testing Using Free/Open Source Tools: Network and System Administration Approach

Abstract

Network security is a growing concern in a modern world, irrespective of the size or volume of the organization. Penetration testing is one of the techniques that are used for network and systems security assessment. It involves legally attempting to break into the network to check available vulnerability and exploits, simulating what a real hacker might do. It can enhance the security of the network as it looks for exploits and vulnerability present in the system, then come up with ways to mitigate the risks. In this paper, a virtual network laboratory is designed and setup to conduct the penetration test by demonstrating attacks and intrusion into the network infrastructure. Kali Linux operating system is used to perform penetration testing. Information gathering, vulnerability analysis, exploitation, reporting also presented as part of penetration testing followed by a penetration testing methodology. Theoretical background on penetration testing has also been discussed. Information gathering tools (Dmitry, Nmap and zenmap), vulnerability scanning tools (Nexpose community, Nessus, GFI Languard and OpenVAS) and exploitation tools (Armitage, Metasploit framework) are used to simulate possible attacks.