Development of a penetration testing lab in the CUE virtual lab environment (VINETCTL)

• Author(s) / Creator(s)

  • Kolencheril, Jerbin Joy
  • Messerschmidt, Mitchell
  • Bhusri, Sagar
  • Kotha, Vamshidhar Reddy
  • Jawanda, Gurcharan
  • Thomas, Betsy Elsa
  • Bonagiri, Raja Venkata Sandeep Kumar
  • Shah, Aakash
  • Nallarala, Abhilash
  • Garg, Gaurav
  • Pathak, Isha
  • Saggu, Ravdeep
  • Doddaka, Sravya
  • Pole, Sparsha
  • Singh, Satinderpal
  • Vadlamudi, Tejaswini
  • Sethuraman, Vigneshwar
  • Vangala, Vishista
  • Kaur, Amritpal
  • Kaur, Parminder
  • Chittimalla, Sai Kumar
  • Chittimalla, Sandeep
  • Patel, Priyesha
  • Kirandeep
  • Singh, Mandeep
  • Joshi, Dhanvi
  • Pathan, Rahim Khan
  • Ancha, Jyothi Sharmila
  • Kaur, Amandeep
  • Bagla, Navjot
  • Thakur, Preeti
  • Pugalenthi, Subaveena
  • Garrapu, Tharun
  • Gummakonda, Anirudh
  • Soobhri, Pawan
  • Kaur, Simranbir
  • Ahuja, Puneet
  • Rathod, Divya
  • Varma, Upasana
  • Nadipineni, Pavan kumar
  • Vemuri, Keerthi Kishore
  • Maadeereddy, Amulya
  • Raikar, Akshata Rajendra
  • Sunkara, Leela Suresh
  • Mehta, Akshat
  • Heena
  • Kaur, Kiranjit
  • Shah, Anish Manishkumar
  • Elumalai, Sweatha
  • Joshi, Mansi
  • Chauhan, Bhavyarajsinh
  • Nellore, Rishab Kumar Singh
  • Lindskog, Dale

• In recent years, the prevalent utilization of technology and web applications has given rise to security vulnerabilities. This problem has dramatically increased the demand for proposed security models and mechanisms. Organizations find it challenging to secure their web applications and find themselves in a dilemma to secure their systems from rising cyber threats. Thus, Vulnerability Assessment and Penetration Testing (VAPT) techniques have gained wide importance to determine security loopholes, assess the risks, and provide dynamic cyber defense in a controlled environment. Penetration testing is a controlled cyber-attack against the network or machines to detect vulnerabilities found in a system or web application that can be misused by an attacker to exploit it. This paper aims to design, build, and document a fully functional penetration testing lab to test the level of security of various network zones and security devices in a systematic way. The penetration testing lab consists of two different internetworks, each internetwork is further divided in different zones based on users, functionality, accessibility, and security. Vulnerability assessment is an effective technique to find out weaknesses and security loopholes to improve organizations' security. Nessus is used for vulnerability assessment in the VINETCTL environment. Introducing GRR (GRR Rapid Response Framework), a new open-source cross-platform tool for enterprise forensic research that enables remote access to raw disks and memory. Protocol analysis helps in identifying key artifacts by analyzing captured network traffic for developing snort rules. The lab additionally consists of the IDS infrastructure based on SNORT, which detects malicious traffic passes through the network based on the developed rulesets.

• Date created

  2021-06-01

• Subjects / Keywords

  • penetration testing
  • vulnerability assessment
  • vinetctl
  • protocol analysis
  • nmap
  • Metasploit
  • SNORT

• Type of Item

  Research Material

• DOI

  https://doi.org/10.7939/r3-vney-sp05

• License

  Attribution-NonCommercial 4.0 International