•  
  •  
 

Abstract

The article presents the design of a model environment for penetration testing of an organization using virtualization. The need for this model was based on the constantly increasing requirements for the security of information systems, both in legal terms and in accordance with international security standards. The model was created based on a specific team from the unnamed company. The virtual working environment offered the same functions as the physical environment. The virtual working environment was created in OpenStack and tested with a Linux distribution Kali Linux. We demonstrated that the virtual environment is functional and its security testable. Virtualizing the work environment simplified the organization’s security testing, increased resource efficiency, and reduced the total cost of ownership of certain devices.

Keywords

network modelling, information security, security testing

Chinese Abstract

在OpenStack虚拟化平台上进行渗透测试的企业环境建模

本文介绍了如何设计基于虚拟化的模型环境以进行组织渗透测试。对此模型的需求建立于对信息系统安全要求的不断增长,无论在法律条款或国际安全标准方面皆是如此。该模型是基于某个未命名公司的特定团队创建的。虚拟工作环境提供了与实体环境相同的功能,在OpenStack中创建,并使用Linux发行版Kali Linux进行了测试。我们证明了虚拟环境具备功能性,其安全性也可测试。虚拟化工作环境简化了组织的安全测试,提高了资源效率,并降低了拥有某些设备的总成本。

关键词:网络建模、信息安全、安全测试

DOI

10.5038/2640-6489.6.2.1152

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.