Ethical Hacking and Penetration Testing Report - IT Security

Verified

Added on 2022/08/12

AI Summary

This report delves into the concepts of ethical hacking and penetration testing, highlighting their significance in IT security. It differentiates between penetration testing, which is goal-oriented and used to simulate cyber-attacks, and vulnerability assessment, which is list-oriented and focuses on identifying and evaluating system weaknesses. The report emphasizes the importance of penetration testing for organizations with strong security postures and the role of vulnerability assessment in enhancing overall security. The report also introduces NMAP, an open-source tool used for scanning networks and identifying vulnerabilities. The report references key resources to support its analysis of these critical cybersecurity concepts.

Running Head: IT 0
Ethical hacking and penetration testing

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT 1
Ethical hacking and Penetration test
Penetration testing is a systematic approach and also termed as ethical hacking used
by hackers to scale a simulated cyber-attack in the face of an organisation IT infrastructure to
securely inspect for exploitable susceptibilities. It may exist in applications, systems, services
and user behaviour (Goel & Mehtre, 2015). On the contradictory side, vulnerability
assessment is used to discover and evaluate the severity of susceptibilities within the system
in question. It also involves inclusive and thorough evaluation of safety defences build to
determine weaknesses and suggests necessary remediation to remove or decrease risks
totally.
Generally, penetration testing is goal oriented whereas the vulnerability assessment is
a list oriented. When the maturity level of an organisation is high, penetration testing is more
useful. In other words, company has a strong security posture, however, requires to assess
whether or not it is hack-proof. In relation with vulnerability assessment, it mainly aims to
enhance the safety posture of organisation rather than check it and attempts to remove or
mitigate possible vulnerabilities. Vulnerability assessment also does not requires high
expertise and professionals and in-house employees of the enterprise can easily perform the
tasks (Goel & Mehtre, 2015). On the other hand, high skilled professionals are required in
case of penetration testing due to its nature of being intensive process.
One of the effective tools that can be used for the penetration test includes – The
Network Mapper (as well recognised as “NMAP”). It is an open source tool help an
organisation or individual to scan vulnerabilities in the networks and systems. With using this
tool, one creates a virtual map of the network section and then identify the key zones of
weaknesses that a hacker can enter through easily (resources.infosecinstitute.com, 2019). It is
also beneficial in carrying out other activities comprising service uptime or monitoring host
and put efforts on mapping of network attack surfaces.

IT 2
References
Goel, J. N., & Mehtre, B. M. (2015). Vulnerability assessment & penetration testing as a
cyber defence technology. Procedia Computer Science, 57, 710-715.
resources.infosecinstitute.com. (2019). The Top 5 Pentesting Tools You Will Ever Need.
Retrieved from https://resources.infosecinstitute.com/category/certifications-
training/pentesting-certifications/top-pentesting-tools/#gref