Research On Penetration Testing Platform Based On Kali Linux

In today's distributed computing environment where computer networks and Internet are convenient medium of communication and information exchange,security is becoming more and more of an issue.Security in computer networks and Internet have serious implication in today's dynamic work environment.Security is now a basic requirement because distributed computing is inherently insecure.In an organization,irrespective of its size and volume,one of many roles played by the Network and System Administrators is to improve the security of computer infrastructure.However,with rapid surface of new vulnerabilities and exploits,sometime even a fully patched system or network have security flaws.There are different security measures which network/system administrator can deploy to secure the network or system,however,the best way truly to ensure that the network or system is secure,is to perform penetration testing.Penetration testing can provide Network and System Administrators with a realistic assessment of security posture by identifying the vulnerabilities and exploits which exist within the computer network infrastructure.Penetration testing uses the same principles as crackers or hackers to penetrate computer network infrastructure and thereby verify the presence of flaws and vulnerabilities and help to confirm the security measures.The thesis starts with defining the theoretical background of a penetration test.When the foundation is set,the thesis moves on and proposes a suitable penetration testing methodology using Free/Open Source Softwares(F/OSS)and techniques,to find out to what extend a penetration testing can succeed.The aim of this thesis is to identify and explain a suitable methodology behind the penetration testing and illustrate free and open source tools and techniques to simulate a possible attacks that the Network and System Administrators can use against their network or system.Network surveying tools,port scanners,vulnerability scanners and exploitation framework are few of such tools,which should be used during a penetration test.This thesis will introduce some penetration testing methods to help pentester plan and design before performing tasks,avoiding wasting effort and time.Penetration testing with Linux is one of the best ways to perform tests.It is a versatile tool.Linux comes in many flavors like Kali Linux allows for the customization of the software itself plus the tools that you use.Therefore,the customization and level of sophistication is limitless.It integrates and optimizes more than 600 network security tools.In the laboratory,a penetration test platform based on Kali Linux was designed to simulate a small organization network(including DHCP server,FTP server,WEB server,user computer,etc.).In this phase,the principles and functions of various network tools will be described in detail,and the virtual network will be tested for penetration using well-known open source tools and frameworks(such as port scanner Nmap,vulnerability scanner OpenVas,penetration testing framework Meatsploit,etc.).