Subscribe by Email

Tuesday, May 1, 2012

How does penetration testing tool emphasize on security subsystem?

Security is one of the important contributing factors in the success of a software system or application. The security level of the software system or application also influences the security of the users that use that system or application. The higher the security of a system is, the more secure it is for use. 

Since security plays a very important role in the computer world, there has to be some strategy or testing methodology that could judge or assess the security levels and mechanisms of the software systems and applications.
Do we have any such testing methodology? Yes of course we have! The penetration testing! 

About Penetration Testing and Security Sub Systems

- This software testing methodology has the answers to all our security related issues.
- The security mechanism of a software system or application is comprised of many sub mechanisms or sub systems which are commonly addressed as security sub systems. 
- These security subsystems are security components that make up the whole security model of the system.
- These sub systems ensure that the applications are not able to access the resources without being authorized and authenticated.
- Furthermore, they keep a track of the security policies and user accounts of the system. 
- There is a sub system called LSA which is responsible for maintaining all the information and details about the local security of the system. 
- The interactive user authentication services are provided by the security sub systems.
- The tokens containing the user information regarding security privileges are also generated by these sub systems. 
- The audit settings and policies are also managed by the security sub systems. 
- The following aspects are identified by the sub systems:
1.       Domain
2.       Who an access the system?
3.       Who has what privileges?
4.       Security auditing to be performed
5.       Memory quota

How Penetration Testing tool emphasize on Security Sub Systems?

So for having better security at the surface, it is important that the security at the sub systems level should not be over looked. All these matters make the security sub systems very essential. 
Therefore, it is required that to improve the overall quality of the security mechanisms, these sub systems should be tested. 

- The penetration testing tools emphasize upon the security sub systems in the same way as they emphasize the network security.
- Penetration testing was first adopted for the testing of the security of a computer network or system against the malicious attacks.
- For providing a way to evaluate the security level of the computer network by bombarding the network with false simulated attacks as malicious attacks from the outside as well as inside attackers. 
- The whole process of the penetration testing is driven by an active analysis which involves an assessment of all the potential vulnerabilities of the security sub systems that are merely a consequence of its poor security level as well as configuration level. 
- Apart from this, the flaws form both the hardware as well as software components contribute to these vulnerabilities rather than only operational weaknesses. 
- The security at the sub system level depends up on the effectiveness of the testing. 
- And the testing in turn is affected by the effectiveness of the tools that have been employed in the testing. 
- The tools indeed affect the sub systems’ security, since if the tools are reliable and efficient in finding vulnerabilities, obviously there will be more improvement in the security mechanisms. 
- A whole lot of effective tools are designed to reduce the affect of these vulnerabilities.

No comments:

Facebook activity