Exploiting UoS Enterprise Network and Web Server Vulnerabilities through Penetration Testing

Security is an ever-changing world that uses testing tools, techniques and architectures to mitigate risks. As technology changes and hackers seek to exploit vulnerabilities, companies face a constant battle to protect their data, reputation, and any number of business or academic assets. The practi

Project Title

Exploiting UoS Enterprise Network and Web Server Vulnerabilities through Penetration Testing

Project Area of Specialization

Cyber Security

Project Summary

Security is an ever-changing world that uses testing tools, techniques and architectures to mitigate risks. As technology changes and hackers seek to exploit vulnerabilities, companies face a constant battle to protect their data, reputation, and any number of business or academic assets. The practice of testing a computer system, network or web application is to identify security vulnerabilities that an attacker might be able to exploit. Penetration testing is done in a controlled environment to help organisations understand where vulnerabilities may exist, allowing them to identify, find and correct issues before a data breach occurs. After that, an organisation system and IT managers can make informed decisions (we will also provide the solutions) about the next steps they need to take to improve their security. Penetration testing is vital for organisations that are constantly looking for ways to improve their security offerings.

So there is such a rules or criteria’s for this assessment, like if risk is on High then these issues describe conditions that may directly result in compromise or unauthorized access to a network, device, application or confidential information. If risk is on Medium range then these types of issues identify conditions that do not immediately or directly result in the compromise or unauthorized access of a network system, application of information. And if risk is on Low, these issues identify conditions that do not immediately or directly result in compromise of a network, system, application or information, but do provide information that could be used in combination with other information to gain insight into how to compromise.

Project Objectives

The main aim of this project is to find vulnerabilities in System of Particular organisation, to know how to secure our websites and some networks, and to apply security so that it can be protected from the attackers.

And the specified objectives are;

• Exploiting System vulnerabilities for University of Sindh
• Identify the security vulnerabilities impacting the assets
• To perform penetration testing of the system
• To perform a vulnerability assessment
• To Simulate this procedure in MATLAB or packet-tracer/GNS3 for the testing purpose
• Determine the quantifiable risk for each vulnerability and give remediation tools to patch, configure, or debug assets as necessary to reduce or eliminate security risks.

Project Implementation Method

Errors, faults, and failures are introduced in many stages of the network, webs and software life-cycle. It is therefore difficult to measure the characteristics of vulnerabilities objectively or make generalizations about this class of failures. As unifying definition of vulnerabilities can identify vulnerabilities and allow researchers to agree on the object of the study. It can also be used to identify areas of focus for the development of various vulnerabilities. So therefore beneficials of penetration testing and find the vulnerabilities are enhancing the Management system, avoid fines, protection from financial damage and also from the attackers. So that we are focusing to discover the potential threats to each resource, Assigns quantifiable value and significance to the resources available, Attempts to mitigate or eliminate potential vulnerabilities in valuable resources, Gather targeted information and/or inspect the system and also provide the non-intrusive, documentary and environmental review and analysis. So that we can replicate the actions of external or/and internal cyber attackers that are intended to disrupt information security and hack valuable data or disrupt the normal functioning of the University.

Benefits of the Project

Basically there is a lot of benefits to performing this, for an organization like to identify known safety exposures before attackers find them. Create an inventory of all devices on the system, including the purpose and information of the system. This also includes vulnerabilities associated with a particular device. Create an inventory of all devices in the enterprise to assist in the planning of upgrades and future assessments. Define the level of risk that exists within the network, establish a business risk/benefit curve and optimize security investment. Then that VA reports like the physical measurements often require the interpretation and insight of a security veteran. That is why it is crucial to work with an expert to determine which vulnerabilities require a simple patch and which require more in-depth remediation. It's like getting an MRI scan of all the systems in many ways. Are they healthy or are they not? And which treatments will be most effective in bringing back your customer databases, servers and other IT assets to good health.

Technical Details of Final Deliverable

At the technical level, the vulnerability assessment involves three phases. In the first phase, organisations undertake information gathering and discovery efforts to better understand the hardware and software present in their environment. This often involves network scanning to discover hosts, port scanning to discover services and protocols that may be vulnerable, and reviewing directory service and DNS information to understand which hosts might be targeted by attackers. Once the assessor has completed a full discovery effort to understand hosts present in the environment, a more in-depth review and listing of operating systems, applications, ports, protocols and services will determine the full extent of the attack surface vulnerable to attackers. The final phase of the assessment involves the actual detection of vulnerabilities, using the detection tool to identify vulnerabilities in the assets listed above. This process generates reports, with scores and risk information. The final step of the phase is to use remediation tools to patch, configure, or debug assets as necessary to reduce or eliminate security risks due to vulnerabilities detected.

Final Deliverable of the Project

Software System

Core Industry

Telecommunication

Other Industries

Legal , Others , Security

Core Technology

Others

Other Technologies

Sustainable Development Goals

Decent Work and Economic Growth, Industry, Innovation and Infrastructure, Partnerships to achieve the Goal

Required Resources

If you need this project, please contact me on contact@adikhanofficial.com