Testing an organization’s information system for unauthorized access

Tyshyk, I. and Hulak, Hennadii (2024) Testing an organization’s information system for unauthorized access. Cybersecurity Providing in Information and Telecommunication Systems II 2024, 3826. pp. 17-29. ISSN 1613-0073

Official URL: https://ceur-ws.org/Vol-3826/

Abstract

Security assessment of information systems is crucial for identifying protection issues in their components and determining potential attack vectors. Penetration testing is conducted by simulating what a real attacker could do against the target system and offers an effective way of obtaining such information. This approach provides an unbiased view of the actual level of protection against attacks and demonstrates the effectiveness of security solutions for the company’s network infrastructure in practice. Penetration testing involves evaluating software or network infrastructure for vulnerabilities and attempting to exploit them for unauthorized access, bypassing, or damaging security components. These vulnerabilities may arise from misconfigurations of communication equipment, unsecured application code, network architecture design flaws, or the disclosure of confidential information. As a result of the testing, a comprehensive report is generated, explaining each vulnerability or chain of vulnerabilities exploited to gain unauthorized access to the target, detailing the steps taken to exploit them, and providing mitigation recommendations. Each identified vulnerability is assigned a risk rating, which is used to prioritize tasks for improving the security of the tested system. The paper examines methods for conducting penetration testing of an organization’s corporate network infrastructure for unauthorized access. A simulation of information systems testing for unauthorized access was performed, and potential attacks following such access were illustrated. The most common methods of exploiting potential vulnerabilities in corporate networks are presented.

Item type: Article
Keywords: information system; corporate network; penetration testing; virtual machine; web application; unauthorized access; network security tool; Kali Linux
Typology: Articles in databases > Scopus
Divisions: Faculty of Information Technologies and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing user: Pavlo Mykolaiovych Skladannyi
Date deposited: 06 Dec 2024 07:52
Last modified: 06 Dec 2024 07:52
URI: https://elibrary.kubg.edu.ua/id/eprint/50144
