Penetration Testing
Pen testing is a form of security testing whose sole purpose is to find the security vulnerabilities,
threats, and risks in a network, software, or application that an attacker could use to gain access.
The pen-testing procedure begins with the planning phase, where the scope and strategy of
the testing are determined. The discovery phase is where information on the system is
collected and vulnerabilities are checked. The attack phase is where the vulnerabilities
are exploited. The reporting phase is where the risks are documented and the ways in which
they can impact the business are identified. This is also where the solutions are identified.
Pen testing, however, cannot identify all the risks in a system due to limitations such as budget,
the skills of the pen testers, scope, and time. The side effects of pen testing include increased
costs, corruption or loss of data, and downtime (Guru 99, 2020).
Response to James
To enhance cybersecurity in an organization, the security program used should include a
number of policies and procedures. The Acceptable Use Policy (AUP) is a set of
constraints and practices that new employees in an organization must read and agree to by
signing before they are given access to the organization’s network. The Access Control Policy (ACP) defines
the access employees are given, including network access, to the organization’s
data and system information. The Change Management Policy defines
the formal procedure followed when making changes to IT systems and to the development of
software (Hayslip, 2018). The Information Security Policy ensures that employees
using the organization’s network adhere to the stated rules and guidelines. The Incident Response
(IR) Policy describes how an organization will handle an incident without damaging the
business. The Remote Access Policy outlines the acceptable ways of remotely accessing the
organization’s network. The Communication Policy describes the media employees can use
to communicate. The Disaster Recovery Policy outlines how an incident is to be managed and when the
Business Continuity Plan (BCP) is activated.
Response to Vick
Network Statistics (Netstat) is a program that is controlled through commands issued
on the command line. The statistics it can deliver to users
include the ports and addresses on which the current connections are running and the
ports that are available for tasks. In Windows, Netstat is likewise run from
the command line. Netstat is useful when one is dealing with excessive
traffic and malicious software (Digital Guide IONOS, 2019). The knowledge that
Netstat gives about the outbound and inbound connections of the computer is valuable. The
problems that come with having ports open are that the system is left vulnerable to malware
and Trojans are given a chance to install a backdoor. To avoid these problems, the ports
opened by the system should be checked regularly, and that is where Netstat comes in. For the
results to be informative, programs such as web browsers should remain closed
during the check.
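As an added example (not part of the original paper or of Netstat itself), the following POSIX shell script shows how such a regular check can be automated: it parses `netstat -an`-style output, lists every socket in the LISTEN state, and reports any listening port that is not on an assumed baseline allowlist. The netstat output is a constructed sample embedded in the script so it runs offline; on a real host it would be replaced by the live output of `netstat -an`.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (Linux-style columns), embedded so the
# script runs offline. On a live host, replace this with: netstat -an
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Assumed baseline: ports the organization expects this host to listen on.
ALLOWED_PORTS="22 443 631"

# listening_ports: print one "proto port" pair per line for every LISTEN socket.
listening_ports() {
    printf '%s\n' "$SAMPLE_NETSTAT" |
    awk '$6 == "LISTEN" {
            n = split($4, a, ":");   # the port is the last colon-separated field
            print $1, a[n]
         }'
}

# unexpected_ports: listening ports that are absent from ALLOWED_PORTS.
# Each line reported here is a deviation from the baseline worth investigating.
unexpected_ports() {
    listening_ports | while read -r proto port; do
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;                          # baseline port, ignore
            *) printf '%s %s\n' "$proto" "$port" ;;  # not in baseline, report
        esac
    done
}

# Example run on the sample: prints "tcp 4444", the one listener not in the baseline.
unexpected_ports
```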
References
Digital Guide IONOS. (2019, March 6). What is Netstat? Retrieved from Digital Guide
IONOS: www.ionos.com/digitalguide/server/tools/introduction-to-netstat/
Guru 99. (2020, April 29). Penetration Testing Tutorial: What is Pen Test? Retrieved from
Guru 99: https://www.guru99.com/learn-penetration-testing.html
Hayslip, G. (2018, March 16). 9 Policies and Procedures You Need to Know About if You're
Starting a New Security Program. Retrieved from CSO United States:
www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-know-