The various modes of system security testing are as follows:

1. Remote network: This mode attempts to simulate an attack launched over the Internet. The primary defenses that must be defeated in this test are border firewalls, filtering routers, etc.
2. Remote dial-up network: This mode simulates an attack against the client’s modem pools. The main targets of dial up testing are PBX units, Fax machines, and central voice mail servers. The primary defenses that must be defeated here are user authentication schemes.
3. Local network: This test simulates an employee or other authorized person who has an authorized connection to the organization’s network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, and server security measures.
4. Stolen equipment: This mode simulates theft of a critical information resource such as a laptop owned by a strategist.
5. Social engineering: This aspect attempts to check the integrity of the organization’s employees.
6. Physical entry: This test acts out a physical penetration of the organization’s building. The primary defenses here are a strong security policy, security guards, access controls and monitoring, and security awareness.

Explore More

Critical SQL Injection in Myanmar Calendar

PlanetCreator‘s Security Team Researcher Infofreakzzz reported another Critical SQL injection (vulnerability) on Myanmar Calendar URL : http://www.myanmarcalendar.org/ SQL injection is a code injection technique that exploits a security vulnerability occurring

Read More

phishing tutorial

1.You can use this same tut for anything else… 2. Go to http://www.rapidshare.com and navigate to the premium account log-in screen at the url : https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi 3. We will now

Read More

What is a cookie?

A cookie is a small bit of text that accompanies requests and pages as they move between Web servers and browsers. It contains information that is read by a Web

Read More