Skip to Main Content
Modern enterprise infrastructures adopt multilayer network architectures and heterogeneous server environments in order to efficiently fulfill each organization's goals and objectives. These complex network architectures have resulted in increased demands of information security measures. Each organization needs to effectively deal with this major security concerns, forming a security policy according to its requirements and objectives. An efficient security policy must be proactive in order to provide sufficient defense layers against a variety of known and unknown attack classes and cases. This proactive approach is usually interpreted wrongly in only up-to-date software and hardware. Regular updates are necessary, although, not enough, because potential mis-configurations and design flaws cannot be located and patched, making the whole network vulnerable to attackers. In this paper we present how a comprehensive security level can be reached through extensive Penetration Tests (Ethical Hacking). We present a Penetration Test methodology and framework capable to expose possible exploitable vulnerabilities in every network layer. Additionally, we conducted an extensive analysis of a network penetration test case study against a network simulation lab setup, exposing common network mis-configurations and their security implications to the whole network and its users.
Latin America Transactions, IEEE (Revista IEEE America Latina) (Volume:10 , Issue: 3 )
Date of Publication: April 2012