Security is one of the important contributing factors in the
success of a software system or application. The security level of the software
system or application also influences the security of the users that use that
system or application. The higher the security of a system is, the more secure
it is for use.
Since security plays a very important role in the computer
world, there has to be some strategy or testing methodology that could judge or
assess the security levels and mechanisms of the software systems and
applications.
Do we have any such testing methodology? Yes of course we have!
The penetration testing!
About Penetration Testing and Security Sub Systems
- This software testing methodology has the answers to
all our security related issues.
- The security mechanism of a software system or
application is comprised of many sub mechanisms or sub systems which are
commonly addressed as security sub systems.
- These security subsystems are
security components that make up the whole security model of the system.
- These
sub systems ensure that the applications are not able to access the resources
without being authorized and authenticated.
- Furthermore, they keep a track of
the security policies and user accounts of the system.
- There is a sub system
called LSA which is responsible for maintaining all the information and details
about the local security of the system.
- The interactive user authentication
services are provided by the security sub systems.
- The tokens containing the
user information regarding security privileges are also generated by these sub
systems.
- The audit settings and policies are also managed by the security sub
systems.
- The following aspects are identified by the sub systems:
1.
Domain
2.
Who an
access the system?
3.
Who
has what privileges?
4.
Security
auditing to be performed
5.
Memory
quota
How Penetration Testing tool emphasize on Security Sub Systems?
So for having better security at the surface, it is important
that the security at the sub systems level should not be over looked. All these
matters make the security sub systems very essential.
Therefore, it is required
that to improve the overall quality of the security mechanisms, these sub
systems should be tested.
- The penetration testing
tools emphasize upon the security sub systems in the same way as they
emphasize the network security.
- Penetration testing was first adopted for the
testing of the security of a computer network or system against the malicious
attacks.
- For providing a way to evaluate the security level of the computer
network by bombarding the network with false simulated attacks as malicious
attacks from the outside as well as inside attackers.
- The whole process of the
penetration testing is driven by an active analysis which involves an
assessment of all the potential vulnerabilities of the security sub systems
that are merely a consequence of its poor security level as well as
configuration level.
- Apart from this, the flaws form both the hardware as well
as software components contribute to these vulnerabilities rather than only
operational weaknesses.
- The
security at the sub system level depends up on the effectiveness of the
testing.
- And the testing in turn is affected by the effectiveness of the tools
that have been employed in the testing.
- The tools indeed affect the sub
systems’ security, since if the tools are reliable and efficient in finding
vulnerabilities, obviously there will be more improvement in the security
mechanisms.
- A whole lot of
effective tools are designed to reduce the affect of these vulnerabilities.
No comments:
Post a Comment