http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
A Study on Penetration Testing Scope Planning
Farkhod Alisherov,Maricel Balitanas,Eun-suk Cho,Byung-Joo Park,Min-Kyu Choi,Tai-hoon Kim 한국정보기술학회 2009 한국정보기술학회논문지 Vol.7 No.3
A penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing should include network and application layer testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network. While there are many methodologies and ways to perform a penetration test, this paper introduces an effective and complete approach to determining the scope of the penetration testing.
Farkhod Alisherov(박호드 알리셀로브),Min-kyu Choi(최민규),Maricel O. Balitanas(마리셀 발리타나스),Tai-hoon Kim(김태훈) 한국멀티미디어학회 2009 한국멀티미디어학회 학술발표논문집 Vol.2009 No.1
The integration of SCADA systems with technologies such as the Internet and wireless network means that security became an important issue for these systems. While physical security has always been a priority for such systems, the new threat is that of cyber or electronic attacks. Such attacks can come from a manyof sources ranging from hackers to terrorists, employees or contractors. This research shows issues due to which SCADA systems are at risk and some suggestions, which need to be considered to protect your SCADA system.
Farkhod Alisherov,Nayoun Kim,Eun-suk Cho,Seok-soo Kim 한국정보기술학회 2009 Proceedings of KIIT Conference Vol.2009 No.-
As companies expand their presence globally, there arises a need for secure electronic communications between geographically dispersed locations. Virtual private networks (VPNs) provide an economically viable option to address this need. A VPN is a private network that uses the public Internet to either connect remote users to the company's internal network or establish a seamless connection between the company's physically isolated sites. Since a VPN uses the Internet it must provide security features like encryption and strong authentication to protect the confidentiality of internal company data. Thus there is a need for penetration testing of a VPN to discover vulnerabilities. A penetration testing of a VPN is suggested in the paper.
Penetration testing Methodology
Farkhod Alisherov,Min-kyu Choi,Taihoon Kim 한국정보기술학회 2009 Proceedings of KIIT Conference Vol.2009 No.-
Penetration testing is one of the oldest methods for assessing the security of a computer system. The idea behind penetration testing methodologies is that the penetration tester should follow a pre-scripted format during test as dictated by the methodology. A penetration testing methodology based on the research “4-step penetration planning” was proposed in this research.
Penetration Testing in Internet Protocol
Farkhod Alisherov,Maricel O. Balitanas,Rosslin John Robles,Seung-Hwan Jeon,Min-kyu Choi,Ha-yeon Kim,Tai-hoon Kim 한국정보기술학회 2010 Proceedings of KIIT Conference Vol.2010 No.-
While the current version 4 of the Internet Protocol (IPv4) has scaled incredibly, several shortcomings have surfaced. Initially, the lack of IP addresses seemed to be the most urgent problem. The IETF has initiated the development of a next generation Internet protocol [1]. The main goal was to create a protocol that solves the address space problem. Because of the fundamental changes it had meant, there was an opportunity to make other improvements to IPv4, The new protocol became known as IPv6. It has become clear, that security is top priority in today's networks, thus with the introduction of IPv6 there is an opportunity to introduce new security features to the Internet Protocol. Besides the new functions, the protocol indirectly influences security also. It is still debated whether this influence increases overall security. In the paper and examples of penetration testing is given
Secure Power Control System Network
Farkhod Alisherov,Haeng Kon Kim,Tai-hoon Kim 한국정보기술학회 2010 Proceedings of KIIT Conference Vol.2010 No.-
Industrial control systems are an integral part of the critical infrastructures of electric, water, oil/gas, chemicals, pipelines, and transportation. The capabilities of networking these systems provide unprecedented opportunities to improve productivity, reduce impacts on the environment, and help provide energy independence. The overall security concern facing the designers and operators of SCADA and, more generally, of industrial control systems typically originates either from malicious threat agents attempting to disrupt the control system operation, However, the same networking capabilities that can provide these benefits have also introduced cyber vulnerabilities that have resulted in these systems having been identified as one of the most vulnerable targets for the security of the United States. Consequently, various industry and government efforts have been initiated to address the cyber security of these critical systems. Electric utilities require secure network and control system. This paper illustrates solutions for secure control networks and equipment architecture
Secure SCADA Network Technology and Methods
Farkhod Alisherov,Seung-Hwan Jeon,Tai-hoon Kim 한국정보기술학회 2010 Proceedings of KIIT Conference Vol.2010 No.-
The loss of integrity or of availability of data has the potential to adversely affect power utility core operations. The overall security concern facing the designers and operators of SCADA and, more generally, of industrial control systems typically originates either from malicious threat agents attempting to disrupt the control system operation, e.g. to create a power outage, or it originates from inadvertent actions, equipment failure, or similar. Electric utilities require secure network and control system. This paper illustrates solutions for control networks and equipment, SCADA data and communications.
Farkhod Alisherov,Haeng-kon Kim 한국정보기술학회 2009 Proceedings of KIIT Conference Vol.2009 No.-
Ethical hacking is obviously a very controversial area with prosecution under the Computer Misuse Act only a stone's throw away if you overstep the mark and hack into a system or any mobile device without categorical authorisation from the relevant person(s). [1While everyone is concerned about penetration testing methodologies, and/or penetration testing certification, it is also important to consider a policy that should be followed by both the tester and the client to reduce financial and confidencial disparaties, and to bring conformity to the operations between the both parties, so this research suggests a policy that should be followed by penetration testers and clients of the penetration tests.