
JOURNAL OF COMPUTING, VOLUME 1, ISSUE 1, DECEMBER 2009, ISSN: 2151-9617 187

HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/

Penetration Testing: A Roadmap to Network Security

Mr. Nitin A. Naik, Mr. Gajanan D. Kurundkar, Dr. Santosh D. Khamitkar, Dr. Namdeo V. Kalyankar

Abstract: Network penetration testing identifies the exploits and vulnerabilities that exist within a computer network infrastructure and helps to confirm the security measures. The objective of this paper is to explain the methodology and methods behind penetration testing and to illustrate remedies, which will provide substantial value for network security. Penetration testing should model real-world attacks as closely as possible. An authorized and scheduled penetration test will probably be detected by an IDS (Intrusion Detection System). Network penetration testing is done with either manual or automated tools. A penetration test can gather evidence of vulnerability in the network. Successful testing provides indisputable evidence of the problem as well as a starting point for prioritizing remediation. Penetration testing focuses on high-severity vulnerabilities and there are no false positives.

Index Terms— Attacks, Intruder, Penetration Testing, Social Engineering attacks

————————————————
• Mr. N.A. Naik is working as Lecturer with the Dept. of Computer Science and IT, Yeshwant College Nanded.
• Mr. G.D. Kurundkar is working as Lecturer with the Dept. of Computer Science, S.G.B. College Purna.
• Dr. S.D. Khamitkar is working as Director, School of Computational Sciences, S.R.T.M. University, Nanded.
• Dr. N.V. Kalyankar is working as Principal, Yeshwant College Nanded.
————————————————

1. INTRODUCTION

Penetration testing can reveal to what extent the security of IT systems is threatened by attacks by hackers, crackers, etc., and whether the security measures in place are currently capable of ensuring IT security. For a clearer picture of the risks to IT security, the term "penetration test" and the methods used for testing were established in 1995, when the first Unix-based vulnerability scanner, "SATAN", was introduced. At that time the program was the first tool that was able to automatically scan computers to identify vulnerabilities. Nowadays there are a number of freeware and commercial vulnerability scanners, most of which have an updatable database of known hardware and software vulnerabilities. These tools are a convenient way of identifying vulnerabilities in the systems being tested and therefore of determining the risks involved. Penetration testing is also referred to as pen testing or white-hat attack, because the good guys also try to break into the system.

2. INTRUDERS

The term "hacker" is used to refer to any person who illegally logs into other IT systems without authorization. "Hackers" are regarded as intelligent programmers who target security loopholes in IT systems for technical reasons; they do not destroy anything but enter someone else's system only out of curiosity. "Crackers" are people with criminal energy who utilize weak points of IT systems to gain illegal advantages, social attention or respect.[1] They are normally people who gain access to complete software by cracking its serial number or password. "Script kiddies" are usually intruders lacking in-depth background knowledge and driven by curiosity, who mainly direct attack tools downloaded from the Internet against arbitrary or prominent targets.[1] Intruders can have a range of motives for carrying out attacks on IT infrastructure.[1]

3. MAJOR NETWORK ATTACKS

There are many ways of manipulating, illegally updating or damaging IT networks and of preparing an attack on an IT network.

3.1 Network-based attacks

"Network-based attacks" use network protocol functionalities for exploitation and damage. Network-based attacks extend to port scanning, IP spoofing, sniffing, session hijacking, DoS attacks, buffer overflow attacks (a buffer overflow attack impairs the target system by overflowing a buffer whose boundary is unchecked[2]), format string attacks, and other exploitation of vulnerabilities in operating systems, application systems and network protocols.

3.2 Social engineering attacks

Social engineering attacks are attempts to manipulate people with privileged knowledge into revealing security-related information, such as passwords, to the attacker. The range of possible attacks with this technique is wide. In its broadest sense, social engineering can also cover situations in which security-related information is obtained by extortion. A social engineering penetration test works best when there are specific policies and procedures that are being tested.[3]

4. PENETRATION TESTING: STEPS

The following steps are followed for penetration testing over the network:

4.1 Information about the target system

Every computer that can be accessed over the Internet has an official IP address. Some organizations provide information regarding the block of IP addresses of their systems on the Internet.
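The block of IP addresses mentioned above is also what the contract of Phase 1 (section 5) fixes as the agreed scope. The following added example, which is not part of the paper, turns such a scope into an enforceable check before any scanning step runs: a candidate target is accepted only if it is a valid IP address inside an authorized block and outside every excluded range. The block names, the CIDR ranges and the target list are constructed for illustration.

```python
import ipaddress

# Constructed example scope, as it might be written into the contract:
# blocks the client authorized for testing, plus carve-outs that must not
# be touched (e.g. a production segment and one shared host).
AUTHORIZED_BLOCKS = ["203.0.113.0/24", "198.51.100.0/25"]   # RFC 5737 test ranges
EXCLUDED_RANGES = ["203.0.113.128/26", "198.51.100.10/32"]


def _parse_networks(cidrs):
    """Parse CIDR strings strictly; a malformed entry raises immediately so a
    typo in the contract cannot silently widen the scope."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def classify_targets(targets, authorized=AUTHORIZED_BLOCKS, excluded=EXCLUDED_RANGES):
    """Return (in_scope, out_of_scope, invalid) lists of target strings.

    A target is in scope only if it is a syntactically valid IP address that
    lies inside at least one authorized block and inside no excluded range.
    Hostnames are deliberately not resolved: a DNS lookup would itself be a
    network action taken before the scope is confirmed."""
    auth_nets = _parse_networks(authorized)
    excl_nets = _parse_networks(excluded)
    in_scope, out_of_scope, invalid = [], [], []
    for t in targets:
        try:
            addr = ipaddress.ip_address(t.strip())
        except ValueError:
            invalid.append(t)
            continue
        # Address-family mismatches (IPv6 address vs IPv4 block) compare False.
        authorized_hit = any(addr in n for n in auth_nets)
        excluded_hit = any(addr in n for n in excl_nets)
        if authorized_hit and not excluded_hit:
            in_scope.append(str(addr))
        else:
            out_of_scope.append(str(addr))
    return in_scope, out_of_scope, invalid


def enforce_scope(targets, **kw):
    """Gatekeeper for the scanning stage: raise instead of returning a partial
    list, so a scope violation stops the job rather than being logged and forgotten."""
    in_scope, out_of_scope, invalid = classify_targets(targets, **kw)
    if out_of_scope or invalid:
        raise ValueError(f"scope violation: out_of_scope={out_of_scope}, invalid={invalid}")
    return in_scope


if __name__ == "__main__":
    # Constructed target list: two authorized hosts, one inside the excluded
    # carve-out, one outside every authorized block, and one hostname.
    sample = ["203.0.113.5", "198.51.100.9", "203.0.113.150", "192.0.2.1", "db01.example.internal"]
    print(classify_targets(sample))
```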
4.2 Scan target systems for services on offer

An attempt is made to conduct a port scan of the system(s) being tested, open ports being indicative of the applications assigned to them.[2]

4.3 Identify systems and applications

The names and versions of the operating systems and applications on the target systems can be identified by "fingerprinting".

4.4 Researching vulnerabilities

Information about vulnerabilities of specific operating systems and applications can be researched efficiently using the information gathered. Every operating system has some loophole through which the data or information stored in it may be attacked by an intruder, so the researchers should gather the initial information about the operating system and then try to penetrate the system by applying some rules.

4.5 Exploiting vulnerabilities

Detected vulnerabilities can be used to obtain unauthorized access to the system or to prepare further attacks. The quality and value of a penetration test depend primarily on the extent to which the test caters to the client's individual situation, i.e. how much of the tester's time and resources are spent on detecting vulnerabilities related to the IT infrastructure and how creative the tester's approach is. This process cannot be covered in the general description above, which is why there are huge differences in the quality of penetration testing as a service.

5. HOW IT WORKS?

The following introduces the five phases of a penetration test, based on the steps given above. The individual phases take place successively.

Phase 1: Introductory preparation. It is difficult to fulfill the client's expectations without good grounding, such as reaching a settlement on the objectives of the penetration test. At the start of a penetration test the client's objectives must be clarified with him and defined. Performing a penetration test without taking full account of the relevant legal provisions could have costs under criminal or civil law. The tester must therefore ensure that the test procedures are not going to violate legal provisions or contractual settlements. The failure of a test could also lead to alternative demands. All details agreed to should be put in writing in the contract.

Phase 2: Investigation. After the testing decision, objectives, scope, procedures, emergency measures and limitations have been defined, taking account of the legal and organizational aspects and other conditions, the tester can start gathering information on the target system. This phase is the passive penetration test. The aim is to get complete information about the system and to learn about its shortcomings. Depending on the size of the network to be examined, the test steps may be extremely time-consuming. Although these long test steps are usually performed automatically, the time required for them still needs to be taken into account in the planning. Thus a penetration test can take several days.

Phase 3: Analyzing information and risks. A successful, clear and economically efficient procedure must analyze and assess the information gathered before the test steps for actively penetrating the system. The analysis must include the defined goals of the penetration test, the possible risks to the system and the time required for evaluating the possible security flaws for the succeeding active penetration attempts. The aims in phase 4 are then selected on the basis of this analysis. From the list of identified systems the tester may choose the systems which have known potential vulnerabilities due to their configuration or the identified applications/services, or those about which the tester is particularly knowledgeable. In a penetration test for which the number of target systems has been clearly defined in phase 2, this selection means that the number of target systems for phase 4 is automatically reduced. The restrictions must be thoroughly documented and justified because, in addition to the desired improvement in efficiency, they also lead to a reduction in the informative value of the penetration test, and the client needs to be made aware of this.

Phase 4: Active intrusion attempts. Finally, the selected systems are actively attacked. This phase involves the highest risk within a penetration test and should be performed with due care. However, only this phase reveals the extent to which the supposed vulnerabilities identified in the investigation phase present actual risks. This phase must be performed if a verification of potential vulnerabilities is required. For systems with very high availability or integrity requirements, the potential effects need to be carefully considered before performing critical test procedures, such as the utilization of buffer overflow exploits. In a white-box test, a patch may need to be installed on critical systems before performing the test to prevent system failure. The test will then probably not be able to locate any vulnerability, but will document the security of the system. Unlike a hacking attack, however, the penetration test is not complete – it will be continued.

Phase 5: Final analysis. As well as the individual test steps, the final report should contain an evaluation of the vulnerabilities found in the form of potential risks, and recommendations for eliminating the vulnerabilities and risks. The report must guarantee the transparency of the tests and of the vulnerabilities found during testing. The findings of risks for IT security should be discussed in detail with the client after the successful completion of the test procedures.

For a successful penetration test that meets the client's expectations, the clear definition of goals is essential. If goals cannot be achieved efficiently, the tester should notify the client in the preparation phase and propose alternative procedures such as an IT audit or IT security consulting services. Client goals that can be attained by penetration testing can be divided into four categories:

1. Improving security of technical systems
2. Identifying vulnerabilities
3. Having IT security confirmed by an external agency
4. Improving security of the organization's infrastructure and personal infrastructure

The result of an IT penetration test should not be only a list of existing vulnerabilities but should also suggest specific solutions for their elimination, because a penetration test is an authorized, local attempt to "hack" into a system, to identify exploitable weaknesses, and to reveal what systems and data are at risk.[4]

6. APPLICATIONS OF PENETRATION TESTING

• Understand and reduce the impact, frequency, and severity of security incidents.
• Meet compliance and regulatory requirements that require security assessments.[5]
• Optimize and prioritize resources used to remediate vulnerabilities.[5]
• Gain peace of mind about security safeguards, controls, and policies.[5]
• Identifies vulnerabilities and risks in your networking infrastructure.
• Validates the effectiveness of current security safeguards.
• Quantifies the risk to internal systems and confidential information.
• Raises executive awareness of corporate liability.
• Provides detailed remediation steps to prevent network compromise.
• Validates the security of system upgrades.
• Protects the integrity of online assets.
• Helps to achieve and maintain compliance with federal and state regulations.
• Using an automated product allows you to consistently test your network and easily integrate the practice with your overall security program. This means you'll have more confidence in the overall security of the network.[5]
• It gives information about how much information is publicly available.

7. LIMITATIONS OF PENETRATION TESTING

Nowadays attackers or hackers are becoming smarter and more intelligent, and new security-related problems in IT security are reported very rapidly. To make a system more secure it is necessary to run many tests at a time. A new security loophole may mean that a successful attack could take place immediately after a penetration test has been completed.[2] It is possible that a new security hole which is not discovered during testing may result in an attack.[6] By definition a testing service can only find vulnerabilities and cannot prove the absence of vulnerabilities, although independent client tests consistently show the quality of a penetration test. As the penetration test report shows the methodology and the various procedures used during the test, a person who has some experience of network security can gauge the thoroughness of the test.

8. CONCLUSION

This paper gives information about penetration testing, its methodologies and its application. It highlights how an experienced security consultant is necessary for a good penetration test, and his role in securing the host machine by anticipating security attacks. In the institutions, offices and companies where the network system is installed, it is necessary to deploy security personnel who know the possible modern security attacks and try to develop a mechanism to overcome these security attacks. For this it is necessary that the penetration system should be accurately and scientifically created and executed. While documenting the test results of the penetration system, a scientific and procedural approach should be followed. Penetration testing should be carried out frequently, as there are day-to-day modifications in the attacks over the network. The penetration test should be modified according to the new modified attacks over the network (the security personnel should think as a hacker). The organizations where the penetration system is deployed should give the security personnel a roadmap for the security measures. As a measurement tool, penetration testing is most powerful when fully integrated into the development process in such a way that findings can help improve design, implementation, and deployment practices.

REFERENCES

[1] Federal Office for Information Security (BSI), Godesberger Allee 185-189, 53175 Bonn, http://www.bsi.bund.de
[2] Deok Jin Kim, Tae Hyung Kim, Jong Kim and Sung J. Hong, "Return address randomization scheme for annulling data injection buffer overflow attacks", Inscrypt 2006, LNCS 4318, Springer-Verlag Berlin Heidelberg, pp. 238-252, 2006.
[3] "Penetration Testing Methodology", Syrnix Technologies, confidential, p. 4.
[4] "2008 CSI Computer Crime and Security Survey", Computer Security Institute publication, p. 2.
[5] "Penetration Testing: Proactively Address Risk", www.tatacommunications.com/enterprise/security
[6] Arif Zina, "Penetration Testing Techniques for an analysis perspective", http://www.scribd.com/doc/13470161/Final-Project-Penetration-Testing

AUTHORS

Nitin A. Naik completed his M.Sc. in Computer Science from S.R.T.M. University in 1997 and has been working as Lecturer in the Dept. of Computer Science & IT, Yeshwant College Nanded, since Dec. 1997. Since Jan. 2007 he has been working as Network Administrator for the campus-wide network of the same college. He is also a life member of the Indian Science Congress, Kolkata (India).

Gajanan D. Kurundkar completed his M.Sc. in Computer Science from S.R.T.M. University Nanded in 2000. He joined as Lecturer in the Dept. of Computer Science from June 2001 to Jan. 2006, and has been working as Lecturer in the Dept. of Computer Science at Sri Gurubuddhi Swami College Purna (India) from Jan. 2006 to date. He is also a life member of the Indian Science Congress, Kolkata (India).

Santosh D. Khamitkar completed his M.Sc. in Computer Science from B.A.M. University, Aurangabad, in 1994. In 1995 he joined as Lecturer in the School of Computational Sciences, S.R.T.M. University Nanded. He completed his Ph.D. from S.R.T.M. University in 2009 and is currently working as Director, School of Computational Sciences, S.R.T.M. University, Nanded. He is Technical Advisor (freelance) of Portal Infosys, Nanded. He is also Research Guide for Computer Studies in S.R.T.M. University, Nanded. He is a life member of the Indian Science Congress, Kolkata (India).

Namdeo V. Kalyankar completed his M.Sc. in Physics from B.A.M. University, Aurangabad, in 1980. In 1980 he joined as Lecturer in the Department of Physics at Yeshwant College, Nanded. In 1984 he completed his DHE. He completed his Ph.D. from B.A.M. University in 1995. Since 2003 he has been working as Principal of Yeshwant College Nanded. He is also Research Guide for Computer Studies in S.R.T.M. University, Nanded. He has also worked on various bodies in S.R.T.M. University Nanded. He has published research papers in various international and national journals. He is a peer team member of NAAC (National Assessment and Accreditation Council) (India). He published a book entitled "DBMS Concept and Programming in FoxPro". He also received the "Best Principal" award from S.R.T.M. University, Nanded (India) in 2009. He is a life member of the Indian Science Congress, Kolkata (India). He was also honored with the Fellowship of the Linnean Society of London (F.L.S.) on 11th Nov. 2009.
