At the moment, penetration testing services in Australia are considered to be a key method for addressing security issues arising from software, hardware, and network vulnerabilities. A penetration test is conducted through an external source that detects and measures all network vulnerabilities within a computer or system environment during the installation, configuration, and operation of a machine (Dewitt, 2009; Jones, 2006). There are two main types of penetration tests: manual and automated. Manual penetration tests aim to discover all network vulnerabilities in a computer or system environment during the installation, configuration, or operation of a machine (Dewitt, 2009; Jones, 2006). An example of this would be an access control list file vulnerability test where the administrator can manually access a file from outside the computer and see which programs have been run by certain users without permission. The next type of penetration test is known as a “malicious application”. This is normally used when installing applications and/or upgrading computer systems.
The Malware-Scanning Framework
The malware-scanning framework is widely used on commercial products with Microsoft Windows Operating Systems. As described by DeNovo (2008), the Microsoft Security Foundation defines malware-scanning techniques as follows:
The above categories explain how threat actors could exploit their way into computers or networks and what they do with it. All these approaches use scanning to identify weaknesses in their systems. Examples of different types of scans are:
Manual vs Automated Attacks
The term “manual” means that the attacker does not require being physically present at all times when testing, scanning, and running a scan. The most common automatic attack is the virus. It usually infects user accounts via email or other communications platforms. Some viruses infect only once and others can take over many times through repeated attacks (Dowitt, 2009; D’Amico & Mascara, 2011; Gao et al., 2013; Lussier et al., 2016). A successful attack may involve either a virus or other malicious code on the system. Each vulnerability is identified by its characteristics, which include:
The type of attack
The technique used to infect the system
The level of infection
The impact of the attack
The severity of the attack
Each of these has its own effects. These attacks vary depending on the size of the organization, clientele base, customer base size, business model, technical capabilities, etc. (Dowitt, 2009; D’Amico & Mascara, 2011; Gao et al., 2013; Lussier et al., 2016). Most companies have a multi-level strategy. They focus on detecting various levels and trying to eliminate them altogether. They then move on to remediation and prevention. The final stage is addressing cyber risk. Companies like Google or Amazon hire highly trained staff to detect and eliminate threats. Additionally, companies like Cisco or HP offer additional resources to help deal with threat detection. For instance, IBM offers Threat Intelligence Center services and provides free access to Intrusion Prevention System tools (Dowitt, 2009; Dowitt, 2010). Such organizations also build expertise, such as training employees to respond to threats before they happen (Dowitt, 2010).
Some companies offer no retraining, or even give out some retraining information for free. Others allow any employee to provide the retraining, whether they want to share information or not. Many companies host public classes about cybersecurity and teach employees using tactics or tricks for attacking their competitors (Dowitt, 2010). Finally, some companies offer zero hours for hackers to try out and get involved. These zero hours allow a hacker to gain new information and find ways to infiltrate even if he/she is not present at all times when he/she attacks.
There are three types of scanners. They are referred to as stand-alone scanners, shared scanners, and hybrid scanners. With stand-alone scanners, computers of the same operating system are connected together and allowed to connect to each other (Dowitt, 2010). Shared scanners are used when sharing resources between several computer systems that share the same resources (Dowitt, 2010). Hybrid scanners are much like stand-alone scanners but allow devices to connect to each other and create more than one connection. The first generation of a hybrid was designed to allow connections between four PCs that allow a single connection, but not between four computers (Dowitt, 2010). Now hybrid computers allow connections between two or more computers. For instance, in 2015, an employee working from home used a hybrid computer to connect his laptop to his workstation and created two machines working to the same extent, allowing him to work away from his physical desk (Dowitt, 2010; Dowitt, 2006). Today only two servers or computers need to be connected to each other using a hybrid.
Vulnerability Scan Policies And Procedures
A “Vulnerability Scan Policy” refers to the guidelines that specify the scope of a vulnerability investigation. All security policies must include specific actions a company will take in response to exposure to a vulnerability. One of the most important actions a company can take is to send its personnel to another location to investigate an issue (Dowitt, 2010). A person who investigates an issue might refer the matter to another site to determine how best they can affect their systems. Vulnerability Policy Statements can range anywhere from 24 hours to 48 hours after the incident happens (Dowitt, 2010). If it takes longer than 24 hours for the policy to effect action, the policy has expired. The last time a company sends its personnel to investigate an issue is called a closure date. Any business should make a commitment to “close the case” within 24 hours of a discovery of a vulnerability (Dowitt, 2010). It takes approximately seven days from the initial report of a vulnerability to the last notification of a vulnerability within the industry.
In addition, vulnerability policies must include steps to protect clients in the event of exposure to a vulnerability (Dowitt, 2010). They must specifically state what data is needed to remediate and what information must be kept confidential during the course of the investigation process (Dowitt, 2010). Failure to disclose this information creates huge problems because in case the issue becomes very serious, clients will not know what has happened and will keep asking questions when they encounter the problem again. Clients should see a written disclosure statement that warns them and gives them the option of giving feedback about the situation before signing up for service, but not necessarily in case of a non-hazardous discovery (Dowitt, 2010). Clients and employees should be informed or asked if their personal information is needed during the investigation process (Dowitt, 2010). Confidentiality needs to be kept during the entire process because if the client or employees decide to sue you after discovering that your personal information is available, it costs the industry dearly.
The last step in investigating a vulnerability is a review of the affected system (Dowitt, 2010). After reviewing the system, a team member has the option to restart the computer or shut off the computer; restarting a system is not sufficient for a thorough investigation to begin. That is why a specialist who has knowledge in the area is brought into the picture. During a typical day, a person might go to work for 10 hours and then go home and continue working until 7:30 PM, so the investigation will finish around 8 PM. At the beginning of each month, a special investigative team is paid by the company to perform a full-scale computer investigation (Dowitt, 2014). The results of the investigation are sent back to the client and are reviewed by the legal department. Once the case is completed, the result is brought forward to a legal committee, which decides whether it is worth suing the client. When a lawsuit is filed, the amount owed will be determined by trial and jury (Dowitt, 2014). Usually, it is a verdict that is filed for $50,000, but it can be a lot more if there has been a court case, especially if someone wants millions.
Vulnerability scanning is done by administrators who have the skills and experience necessary to understand the nature of a threat. Administrators use professional skills to assess the likelihood of success, or failure, of their findings in finding answers to issues that come up during their investigations. Administrative specialists look beyond the simple to find patterns, trends, and anomalies within the information that is collected. They analyze and interpret big data to provide more accurate results. Administration specialists often specialize in topics that relate to computer technology.
The importance of a qualified threat analyst during the initial stages of a computer investigation is that, unlike the usual computer operators, an analyst will become the expert witness in a legal case against the victim. He has the added advantage of taking over the trial as the prosecutor after making a plea or negotiating a settlement in the criminal justice system. His duty is not to defend or prosecute the accused, but rather to get as close as possible to a fair outcome based on the facts of the case (Dowitt, 2003).