Pen testing is a form of security testing whose sole purpose is to find the security vulnerabilities, threats, and risks in a network, software, or application that an attacker could use to gain access. The pen-testing procedure starts with the planning phase, where the scope and strategy of the testing are determined. The discovery phase is where information on the system is collected and vulnerabilities are checked for. The attack phase is where the discovered vulnerabilities are exploited. The reporting phase is where the risks are documented and the ways in which they can impact the business are identified; this is also where the solutions are identified. Pen testing, however, cannot identify all the risks in a system, because of limitations such as budget, the skills of the pen testers, scope, and time. The side effects of pen testing can include increased costs, corruption or loss of data, and downtime (Guru 99, 2020).
Response to James
To enhance cybersecurity in an organization, the security program should include a set of policies and procedures. The Acceptable Use Policy (AUP) is a set of constraints and practices that new employees must read and agree to, by signing, before they are given access to the organization’s network. The Access Control Policy (ACP) defines the access that employees are granted, including network access, in line with the organization’s data and system information. The Change Management Policy is the formal procedure followed when making changes to IT systems and to software development (Hayslip, 2018). The Information Security Policy ensures that employees using the organization’s network adhere to the stated rules and guidelines. The Incident Response (IR) Policy describes how the organization will handle an incident without damaging the business. The Remote Access Policy outlines the acceptable ways of accessing the organization’s network remotely. The Communication Policy describes the media employees may use to communicate. The Disaster Recovery Policy outlines how an incident is to be managed and when the Business Continuity Plan (BCP) is activated.
Response to Vick
Network and Statistics (Netstat) is a program that is controlled through commands issued at the command line. The statistics it delivers include the addresses and ports on which the current connections are running and the ports that are available. In Windows OS, the Netstat services are accessed through the command line. Netstat is valuable because it helps when one is dealing with excessive traffic and malicious software (Digital Guide IONOS, 2019). The knowledge that Netstat gives about the inbound and outbound connections of a computer is useful. The problems that come with having ports open are that the system is left vulnerable to malware and that Trojans are given a chance to install a backdoor. To avoid these problems, the ports opened by the system should be checked regularly, and that is where Netstat comes in. For informative results, programs such as the internet browser should be closed during the check so that their connections do not clutter the output.
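As an added example, not taken from the original post or the IONOS guide, the following Python script parses a `netstat -ano` listing in the Windows format and reports the listening ports that are not on an allowlist of expected services. The sample output and the allowlist are constructed assumptions, not data from a real host.

```python
import re
import subprocess
from typing import List, NamedTuple, Set, Tuple

# Constructed sample of `netstat -ano` output (Windows format); not captured from a real host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:60001          0.0.0.0:0              LISTENING       5832
  TCP    192.168.1.20:50212     203.0.113.10:443       ESTABLISHED     7104
  UDP    0.0.0.0:5353           *:*                                    2216
"""

# Hypothetical allowlist of (protocol, port) pairs this host is expected to expose.
EXPECTED_LISTENERS: Set[Tuple[str, int]] = {("TCP", 135), ("TCP", 445), ("TCP", 3389)}

class Listener(NamedTuple):
    proto: str
    port: int
    pid: int

# Proto, local addr:port, foreign addr, optional state (absent for UDP), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")

def parse_listeners(output: str) -> List[Listener]:
    """Return the listening sockets found in `netstat -ano` output."""
    listeners = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank, or unparseable line
        proto, _local, port, _foreign, state, pid = m.groups()
        # UDP has no state column; every bound UDP socket counts as a listener.
        if proto == "UDP" or state == "LISTENING":
            listeners.append(Listener(proto, int(port), int(pid)))
    return listeners

def unexpected_listeners(output: str, expected=EXPECTED_LISTENERS) -> List[Listener]:
    """Listeners outside the allowlist: look each PID up before deciding it is benign."""
    return [l for l in parse_listeners(output) if (l.proto, l.port) not in expected]

if __name__ == "__main__":
    # Run against the live host when netstat is available; otherwise fall back to the sample.
    try:
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    except OSError:
        text = SAMPLE_NETSTAT
    for l in unexpected_listeners(text):
        print(f"unexpected listener: {l.proto} port {l.port} owned by PID {l.pid}")
```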
Digital Guide IONOS. (2019, March 6). What is Netstat. Retrieved from Digital Guide IONOS: www.ionos.com/digitalguide/server/tools/introduction-to-netstat/
Guru 99. (2020, April 29). Penetration Testing Tutorial: What is Pen Test? Retrieved from Guru 99: https://www.guru99.com/learn-penetration-testing.html
Hayslip, G. (2018, March 16). 9 Policies and Procedures you need to know about if you’re starting a new security program. Retrieved from CSO United States: www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html