Building and Using a Penetration Testing Environment of Virtual Machines

Building and Using a Penetration Testing Environment of Virtual Machines

연구 분야: Strategies

학회: Journal of Computing Sciences in Colleges, Volume 39, Issue 1

To prepare IT and cybersecurity graduates and meet industry needs, cybersecurity courses must introduce current offensive and defensive tools and practices. Teaching offensive security (penetration testing/ethical hacking) is becoming a standard practice in computer science, cybersecurity, and information technology programs[2, 5]. Penetration testing/ethical hacking allow students to perform a sequence of different phases to gain the needed cybersecurity knowledge and skills using current tools. These current offensive cybersecurity tools should be introduced and applied in the different hands-on activities thus allowing students to gain the needed knowledge of current cybersecurity best practices[2]. Through a hands-on approach, penetration testing/ethical hacking courses allow students to develop offensive cybersecurity competency enabling them later to build layered defenses that hardens the systems to penetration. Teaching penetration testing requires an attacking host that is used to perform the different phases of penetration testing on vulnerable hosts. Using an encapsulated virtual environment where the different attacks on vulnerable hosts can be conducted, reduces the risk to institutional networks and systems. Attendees will exit the tutorial with an idea of how to create a working VMware or VirtualBox environment and learn how to perform some of the phases of penetration testing using a Kali Linux attack host.