The various modes of system security testing are as follows:

1. Remote network: This mode attempts to simulate an attack launched over the Internet. The primary defenses that must be defeated in this test are border firewalls, filtering routers, etc.
2. Remote dial-up network: This mode simulates an attack against the client’s modem pools. The main targets of dial up testing are PBX units, Fax machines, and central voice mail servers. The primary defenses that must be defeated here are user authentication schemes.
3. Local network: This test simulates an employee or other authorized person who has an authorized connection to the organization’s network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, and server security measures.
4. Stolen equipment: This mode simulates theft of a critical information resource such as a laptop owned by a strategist.
5. Social engineering: This aspect attempts to check the integrity of the organization’s employees.
6. Physical entry: This test acts out a physical penetration of the organization’s building. The primary defenses here are a strong security policy, security guards, access controls and monitoring, and security awareness.

Explore More

Distributed Denial of Service (DDoS) Attacks

Demystifying Denial-Of-Service attacks, part one By Abhishek Singh, CISSP This paper provides an introduction to Denial of Service (DoS) attacks, their methodologies, common prevention techniques, and how they differ from

Read More

Google Hacking

Using Google, and some finely crafted searches we can find a lot of interesting information.For Example we can find: Credit Card Numbers Passwords Software / MP3’s …… (and on and

Read More

What are the user authentications supported by the SSH-2 protocol?

The SSH-2 protocol supports the following user authentications: * Public key authentication (DSA, RSA*, OpenPGP) * Host-based authentication * Password-based authentication Note: SSH-1 supports a wider range of user authentications,

Read More