Testing of Network and System Security

Saturday, August 14, 2004, 10:00
Authors:
Andreas Dittrich
Philipp Reinecke

Workshop IT Security
HU Berlin
Prof. Dr. J.-P. Redlich

Paper: English (PDF)
Presentation: (PDF)

The term security, when applied to computer networks, conveys a plethora of meanings, ranging from network security to process and information security, that is, the security of business processes and the information handled in them. Likewise, testing that security cannot be narrowed down to simple methods; it has to be adjusted to the type of security it is applied to, to the answers one needs, to time and cost constraints and, possibly the most important point, to the person interested in the answers. While several approaches to a testing methodology have been put forward, and numerous introductory documents and checklists are available, the field remains rather overwhelming.

This document, written as a paper for the 2004 Security Seminar at Humboldt University, Berlin, aims to give hints on how to tackle the complex task of testing a network's security. We lay out a simple scenario, designed with several security holes, and perform a rudimentary penetration test. To really get a grasp of how secure a system is, one has to try every conceivable way to break into it. Time and space constraints, as well as limits on what we can model in the network, prevent us from doing such a test. To achieve greater detail in what we actually do, we follow only one way and give hints of possible other routes at the various steps.

Categories: Presentation, Publication, Research and Education, Security