`
`ournal of Information Systems Technology and Planning
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Volume 5, Issue 12
`
`
`
`Published and Sponsored by: Intellectbase International Consortium (IIC)
`
`
`
`
`Blue Coat Systems - Exhibit 1042 Page 1
`
`
`
`Journal of Information Systems
`
`
`
`
`
`
`
`
`
`
`
`Technology & Planning
`
`Volume 5, Issue 12
`
`Editor-In-Chief
`
`Dr. Maurice E. Dawson Jr., Alabama A&M University, USA
`
`
`
`Contributing Editors
`
`Senior Advisory Board
`
`Dr. Khalid Alrawi, Associate Editor
`Al-Ain University of Science and Technology, UAE
`
`Dr. Jeffrey Siekpe, Associate Editor
`Tennessee State University, USA
`
`Dr. Frank Tsui, Associate Editor
`Southern Polytechnic State University, USA
`
`Mrs. Karina Dyer, Managing Editor
`Intellectbase International Consortium,
`Australian Affiliate
`
`Dr. Svetlana Peltsverger
`Southern Polytechnic State University, USA
`
`Dr. Kong-Cheng Wong
`Governors State University, USA
`
`Dr. Tehmina Khan
`RMIT University, Australia
`
`Dr. Sushil K. Misra
`Concordia University, Canada
`
`
`
`
`
`ISSN: 1945-5240 Print
`
`ISSN: 1945-5267 Online
`
`ISSN: 1945-5259 CD-ROM
`
`
`Copyright ©2012 Intellectbase International Consortium (IIC). Permission to make digital or hard copies of all or part of this journal for
`personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial use. All copies
`must bear this notice and full citation. Permission from the Editor is required to post to servers, redistribute to lists, or utilize in a for-profit
`or commercial use. Permission requests should be sent to Journal of Information Systems Technology & Planning (JISTP), 1615
`Seventh Avenue North, Nashville, TN, 37208.
`
`
`
`
`
`
`
`Blue Coat Systems - Exhibit 1042 Page 2
`
`
`
`
`
`J. D. Shorter, J. K. Smith and R. A. Aukerman
`
`JISTP - Volume 5, Issue 12 (2012), pp. 13-22
`
`
`
`
`
`Full Article Available Online at: Intellectbase and EBSCOhost │ JISTP is indexed with Cabell’s, JournalSeek, etc.
`
`JOURNAL OF INFORMATION SYSTEMS TECHNOLOGY & PLANNING
`
`Journal Homepage: www.intellectbase.org/journals.php │ ©2012 Published by Intellectbase International Consortium, USA
`
`
`
`
`ASPECTS OF INFORMATION SECURITY: PENETRATION TESTING IS
`CRUCIAL FOR MAINTAINING SYSTEM SECURITY VIABILITY
`
`Jack D. Shorter, James K. Smith and Richard A. Aukerman
`Texas A&M University - Kingsville, USA
`
`
`ABSTRACT
`
`P
`
`Penetration testing is the practice of testing computer systems, networks or web applications
`for their vulnerabilities and security weaknesses. These tests can either be conducted by
`automated software or manually [6.] Wikipedia has defined penetration testing as “a method
`of evaluating the security of a computer system or network by simulating an attack from a malicious
`source...” [11]. There are many different levels of penetration tests that can be performed on an
`organizations network and security infrastructure. These tests can range from simply attempting a brute
`force password attack on a particular system, all the way up to a simulated attack including, but not
`limited to social engineering.
`
`Keywords: Penetration Testing, Black Box Penetration Testing, White Box Penetration Testing,
`Scanning and Enumeration, Target Testing, Internal Testing, Blind Testing, Double Blind
`Testing.
`
`
`INTRODUCTION
`
`Penetration testing is the practice of testing computer systems, networks or web applications for their
`vulnerabilities and security weaknesses. These tests can either be conducted by automated software or
`manually. The objectives of these tests are to provide valuable security information to the company
`being tested, and to serve as a blueprint for the areas that need improvement. Besides security issues,
`penetration testing is also performed to monitor an “organization's security policy compliance, its
`employees' security awareness and the organization's ability to identify and respond to security
`incidents”. Penetration tests are sometimes referred to as “White Hat attacks” due to the break-ins
`being conducted by information systems personnel who were ask to supply this service [6].
`
`There are countless guides, books, and resources available for the modern network administrator or
`information technology executive to facilitate making the sensitive data on their networks and computer
`systems secure. He or she can have a highly secure network by having a robust Acceptable Use Policy
`(AUP), Security Policy (SP), along with well trained staff in both the information technology department
`and the organization as a whole. The data on the computers within the network can be protected by the
`most expensive up-to-date firewalls and encryption methods. The equipment can be physically
`protected by video monitoring, multiple security guards, and locked doors that lead to man-trap
`hallways. When all of this security is in place, how can a network administrator be confident that the
`
`
`13
`
`Blue Coat Systems - Exhibit 1042 Page 3