Abstract
The article presents the design of a model environment for penetration testing of an organization using virtualization. The need for this model was based on the constantly increasing requirements for the security of information systems, both in legal terms and in accordance with international security standards. The model was created based on a specific team from the unnamed company. The virtual working environment offered the same functions as the physical environment. The virtual working environment was created in OpenStack and tested with a Linux distribution Kali Linux. We demonstrated that the virtual environment is functional and its security testable. Virtualizing the work environment simplified the organization’s security testing, increased resource efficiency, and reduced the total cost of ownership of certain devices.
Keywords
network modelling, information security, security testing
Chinese Abstract
在OpenStack虚拟化平台上进行渗透测试的企业环境建模
本文介绍了如何设计基于虚拟化的模型环境以进行组织渗透测试。对此模型的需求建立于对信息系统安全要求的不断增长,无论在法律条款或国际安全标准方面皆是如此。该模型是基于某个未命名公司的特定团队创建的。虚拟工作环境提供了与实体环境相同的功能,在OpenStack中创建,并使用Linux发行版Kali Linux进行了测试。我们证明了虚拟环境具备功能性,其安全性也可测试。虚拟化工作环境简化了组织的安全测试,提高了资源效率,并降低了拥有某些设备的总成本。
关键词:网络建模、信息安全、安全测试
ORCID Identifiers
Vincent Karovič Jr.: https://orcid.org/0000-0001-9946-7329
Jakub Bartaloš: https://orcid.org/0000-0001-6234-4296
Vincent Karovič: https://orcid.org/0000-0001-9647-0151
Michal Greguš: https://orcid.org/0000-0002-8156-8962
DOI
10.5038/2640-6489.6.2.1152
Recommended Citation
Karovic, V., Bartalos, J., Karovic, V., & Gregus, M. (2021). Enterprise environment modeling for penetration testing on the OpenStack virtualization platform. Journal of Global Business Insights, 6(2), 117-140. https://www.doi.org/10.5038/2640-6489.6.2.1152
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Included in
Business Commons, Computer and Systems Architecture Commons, Information Security Commons