In today's distributed computing environment where computer networks and Internet are convenient medium of communication and information exchange, security is becoming more and more of an issue. Security in computer networks and Internet have serious implication in today's dynamic work environment. Security is now a basic requirement because distributed computing is inherently insecure. In an organization, irrespective of its size and volume, one of many roles played by the Network and System Administrators is to improve the security of computer infrastructure. However, with rapid surface of new vulnerabilities and exploits, sometime even a fully patched system or network have security flaws. There are different security measures which network/system administrator can deploy to secure the network or system, however, the best way truly to ensure that the network or system is secure, is to perform penetration testing. Penetration testing can provide Network and System Administrators with a realistic assessment of security posture by identifying the vulnerabilities and exploits which exist within the computer network infrastructure. Penetration testing uses the same principles as crackers or hackers to penetrate computer network infrastructure and thereby verify the presence of flaws and vulnerabilities and help to confirm the security measures.
The thesis starts with defining the theoretical background of a penetration test. When the foundation is set, the thesis moves on and proposes a suitable penetration testing methodology using Free/Open Source Softwares (F/OSS) and techniques, to find out to what extend a penetration testing can succeed. This thesis also tries to identify the future trends and further research directions in penetration testing and network security.
The aim of this thesis is to identify and explain a suitable methodology behind the penetration testing and illustrate free and open source tools and techniques to simulate a possible attacks that the Network and System Administrators can use against their network or system. Network surveying tools, port scanners, vulnerability scanners and exploitation framework are few of such tools, which should be used during a penetration test.