Penetration Testing: An Ethical Hacking Plan for Sudan University of Sciences and Technology Network

Abstract

Computer systems are usually vulnerable to attacks of malicious hackers and crackers. Penetration testing is a form of stress testing, since it provides a way to assess the computer system, and points out any vulnerabilities that can be exploited by hackers. It can find flaws in the security system. It is a valued assurance assessment tool that can be of great help for the system administrators, as it will help them tighten up their system security. It is an area worthy of research because it crosses a lot of IT domains, technologies, specializations and disciplines. Despite its critical importance, we find a dearth of research in this area. This research is a small attempt to explore the depth of this area. We began by discussing and differencing between ethical hacking and malicious hacking, and then we reviewed the methodologies used in work of penetration test as well as a detailed description of the tools used in it. As performed this research (penetration testing) on SUST network. We thought, behaved and used the same tools and techniques that malicious hackers used. We followed Certified Ethical Hacker (Five stages) methodology using black box testing with remote network ethical hacking type. This application has been represented by two phases of the overall methodology that describes the five stages. The result of the test is rich with information that describes the current security situation of the SUST network. The simplicity of the information gathering process and the amount of information and the number of findings with high level risk, showed how much SUST network is vulnerable to attacks of malicious hackers