Penetration Testing on Operating Systems and Database Security to Ensure Reliability and Integrity - Essay Example

? Reports on Penetration Testing on Operating Systems and Database Security to Ensure Reliability and Integrity Penetration Testing On Operating Systems Overview Penetration testing is regarded as one of the critical steps in the advancement of any secure product or system. It is often considered to be an art instead of science. It has been viewed that the efficiency of penetration testing relies upon the skillful abilities as well as the experiences of the testers who are usually involved in securing a particular system or product. In the context of penetration testing on operating systems, it can be affirmed that the aspect i.e. penetration testing is often viewed as an elementary area of information systems based on security engineering (McDermott, 2001). In precise, the facet of penetration testing is often regarded as ‘pen testing’ or ‘security testing’ method which tends to assess the safety of a computer network or system by testing it from the viewpoint of an attacker i.e. a hacker or a cracker. This significant aspect i.e. penetration testing cannot be duly considered as an alternative to other security measures related to information technology (IT). Rather, it is regarded as the approach which significantly assures the security of a network or system in terms of protecting it from being attacked by an intruder (Brown Computer Science, 2010). Techniques of Penetration Testing on Operating Systems The different techniques of penetration testing on operating systems can be apparently observed as gathering valuable information, scanning internet protocol (IP) addresses, performing fingerprinting, recognizing vulnerable services, exploiting vulnerability activities and finally fixing major problems. The prime intention of the technique i.e. gathering valuable information is to determine the diverse range of Internet Protocol (IP) addresses possessed by an organization. The objective of scanning IP addresses technique is to verify what sorts of operational services or systems are running in a specific organization. The technique i.e. fingerprinting facilitates to identify the ‘logged in’ individuals, the operating systems that are in use, web servers and various other services associated with the operating systems. The practice concerning the recognition of vulnerable service targets is performed to gain greater access to the operating systems along with ensuring that the operating systems are not harmed internally or externally. The technique linked with exploiting vulnerability activities enables to exploit certain detected vulnerabilities such as buffer and heal overflow, code injection, cross-site scripting and SQL injection among others. The prime intention of the technique related to fixing major problems is to recognize the active ports that run on the operating systems. The identification of these active ports might support to protect the operating systems through developing along with upgrading client/server architecture, conducting thorough or non-destructive tests and constructing vulnerability mapping among others (Brown Computer Science, 2010). Thus, on the basis of the above discussion, it can be affirmed from a broader outlook that the aforesaid techniques would certainly facilitate to protect the operating networks or systems by a significant level. Significance of Penetration Testing on Operating Systems In this high-tech era, the importance of penetration testing especially within the periphery of operating systems has gained relevance by a considerable level. The procedure of conducting an effectual penetration test enables to confirm that new along with existing operating systems and networks are not susceptible to security risks that might permit unlawful access to exploit valuable resources. It can be observed over a few preceding years that the business corporations in this present era are adopting and executing modern technological tools such as advanced operating systems for the purpose of delivering quality and effective services to the consumers. The broader execution of these modernized technologies eventually raises severe complexities or problems that can disrupt the overall operational procedures and mechanisms of the organizations by a greater extent. In this particular situation, an effective utilization of penetration testing can support the modern business organizations to address and to mitigate the complexities through securing the operating systems by a considerable extent. The modern business corporations especially belonging to IT industry strongly believe that the identification of the risks associated with operating systems can enable to enhance the overall performance of their respective operational procedures at large (SANS Institute, 2002). Thus, it can be affirmed that the aspect of penetration testing plays an imperative role in developing the operating systems which in turn results in delivering an active support to the modern organizations to efficiently perform their business activities. Planning of Penetration Testing on Operating Systems With regard to determining the planning of penetration testing on operating systems, it can be viewed that this particular test is generally performed on a periodic basis relying significantly upon the criticality of the operating systems. The planning of penetration testing on operating systems generally starts with performing an effectual architecture review in order to aid the testing teams to gain a comprehensive understanding about the critical operational systems (Searle, n.d.). It is worth mentioning in this similar concern that before conducting penetration tests on operating systems by diverse organizations, they must possess a Computer Security Policy. This particular policy must entail various valuable information concerning internet connections, security access of the operating systems and documentation among others (SANS Institute, 2002). Thus, it can be affirmed that an effective planning of penetration testing can largely ensure to protect the operational systems from being attacked by any intruder. Database Security to Ensure Reliability and Integrity Overview Database security is mainly concerned with ascertaining secrecy, reliability and accessibility of stored data in a particular database (Denning, 1988). It has been determined that the significance of database security towards ensuring greater reliability and integrity of stored data has extensively risen over a few recent years. This can be owing to the reason that a major portion of critical business functionalities of diverse modern organizations has become standard or digitized. In this regard, a database can be duly considered as an indispensable constituent of any information system as it holds various sorts of sensitive data. It is worth mentioning that database security depends upon certain important factors namely operating system (OS) security, physical security and database management system (DBMS) security. The aspect of database security can be ascertained through acquiring sensitive data, altering data or debasing accessibility of the database. There are certain critical factors that have been viewed to affect database security by a certain extent. These factors encompass alterations in the business environment, non-secure adoption along with execution of operating systems and networks and user errors among others. Specially mentioning, the maintenance of a proper database security has become quite crucial for modern business corporations as it supports them to make effective decisions and most vitally assists them to perform day-to-day operational functions efficiently (Lesov, 2008). Importance of Database Security While determining the significance of database security, it has been recognized that security is an utmost concern within the periphery of database management. This is owing to the reason that information which is stored in a particular database is quite sensitive and valuable. In this context, a proper design along with an effective exploitation of database security play a decisive role in securing valuable data that are stored in a database. Importance of database security can be gauged from the fact that it is observed as the protecting element of a database against any sort of unintentional and intentional threat that might be either computer-based or non-computer based. In general, database security comprises certain significant constituents such as software, infrastructure, hardware, people and most vitally data that support an organization to manage its daily operational functions. Business organizations in this present day context are focusing more upon developing this imperative aspect i.e. database security as compared to the preceding years. This might be due to the reason that the amount of information stored in a database is gradually rising, which necessitates database security to be developed in order to prevent the risks emanating from unfamiliar threats. Precisely, the facet of database security supports the modern organizations especially related with the IT industry in terms of preventing unlawful data observation, restricting illicit data modification and ensuring effective data reliability and integrity. In addition, the aspect of database security facilitates the business corporations to ascertain that the stored data is managed effectively and to ensure that authorized users are capable of having greater access to stored data in a database (Singh, 2011). Database Security Ensuring Reliability and Integrity In relation to ensuring greater reliability and integrity through effectual execution of database security, it can be stated that the aspect of database security is a critical issue in the context of database management. The data which is stored in a particular database ought to be managed effectively for the purpose of serving the business interests of the modern organizations by a considerable level. This particular critical aspect i.e. database security is often viewed as a corporate asset for the modern organizations which ensures superior integrity along with reliability of stored data in a specific database. With regard to determining database security to ensure superior reliability along with integrity, certain dimensions can be taken into concern. In this regard, these dimensions include database integrity, element accuracy and element integrity. Database integrity represents the protection of a database against any sort of damages such as failure of a disk drive or faults in master database index. However, these damages can be mitigated through utilizing effectual recovery procedures along with making greater integrity control of operating systems. Element accuracy denotes the concern regarding the allocation of correct values into the constituents of a specific database. This particular dimension mainly checks the integral values for preventing insertion of inappropriate values in a database. Finally, the dimension of element integrity signifies appropriate usage of the elements of specific data in a database. In precise, it can be affirmed that this dimension generally ensures that the value of a specific data constituent is altered only by the legal users instead of unauthorized users. Thus, it can be stated that these dimensions might support database security to ensure superior level of reliability along with integrity of stored data in a specific database (Singh, 2011). It can be stated that there are certain ways through which database security ensures greater reliability and integrity of stored data in a specific database. In this regard, the ways include complying with the requirements of the above discussed dimensions i.e. database integrity, element accuracy along with element integrity and meeting the necessities associated with user authentication. Moreover, the other ways comprise effectively exploiting recovery and back up procedures, making correct and effective decisions along with protecting valuable data from diverse individuals through the execution of advanced network applications. In terms of ensuring superior reliability and integrity of stored data in a specific database, database security often acts as a catalyst resulting in safeguarding valuable data from corruption or any other damage. Specially mentioning, there lay certain situations due to which database integrity gets affected by a considerable level. In this regard, one of the situations is when the entire database gets damaged and the other situation is when individual data items are not readable. An effective mitigation of these situations eventually can reassure the importance of database security, ensuring greater integrity and reliability of stored data in a particular database. Relating to this vital aspect, the facet of database security addresses and mitigates the above situations through adopting along with implementing pioneering technological advancements such as modernized operating systems and periodically backing up the important files on the system or in the database. Most importantly, database security tends to restrict the unauthorized users from accessing valuable information which in turn results in delivering greater integrity and reliability of stored data in a specific database by a significant level (Singh, 2011). Thus, from the above analysis, it can be affirmed that the multi-layered activities performed by database security eventually ensures superior reliability along with integrity of stored data in a particular database at large. In addition, database security can enable to protect invaluable organizational data from being accessed by unwanted individuals which can bring about massive financial and reputational difficulties for an organization. Organizations thus need to ensure that database security is provided topmost priority in the organizational planning and operational activities. References Brown Computer Science. (2010). What is a penetration testing? Penetration Testing, pp. 1-30. Denning, D. E. (1988). Database security. Computer Science 3, pp. 1-22. Lesov, P. (2008). Database security: a historical perspective. Retrieved from http://arxiv.org/ftp/arxiv/papers/1004/1004.4022.pdf McDermott, J. P. (2001). Introduction. Attack Net Penetration Testing, pp. 15-21. SANS Institute. (2002). Testing. Retrieved from http://www.sans.org/reading-room/whitepapers/testing/penetration-testing-you-265?show=penetration-testing-you-265&cat=testing Searle, J. (n.d.). Penetration test planning. AMI Penetration Test Plan, pp. 3-36. Singh, S. K. (2011). Database systems: concepts, design and applications. India: Pearson Education India. Read More