The growth in the use of Information and Communications Technology (ICT) and Artificial intelligence (AI) has improved the productivity and efficiency of modern agriculture, which is commonly referred to as precision farming.
The widespread use of IT assets also expands the attack surface that attackers exploit. Software-related vulnerabilities in particular are the type most preferred by cyber attackers. The susceptibility of a system or application to cyber-attacks is called a vulnerability. If a vulnerability is detected, it must be publicly announced and published by a specific authority. CVE (Common Vulnerabilities and Exposures) is known as the international vulnerability dictionary organized by MITRE. A detected vulnerability receives a vulnerability number starting with CVE and is published on the web. There is also the NVD (National Vulnerability Database), a vulnerability database that works simultaneously with CVE. Shodan is an Internet of Things search engine developed for querying attributes such as vulnerabilities, ports and locations of servers, applications and devices connected to the internet. Shodan's robots scan IP ranges periodically and index the results. In this study, the risks and vulnerabilities of the servers were evaluated with queries made using the Shodan APIs. First, a server operating system query (Windows Server, Ubuntu, Debian, CentOS) was performed on server IPs indexed by Shodan. In the second stage, vulnerable servers were detected by scanning for previously discovered vulnerabilities on the ports and services of the servers. In order to detect undiscovered vulnerabilities or potential configuration errors, risky servers with open remote connection ports (Remote Desktop Connection, Secure Shell, etc.) and a detected login page were extracted. CVE and NVD database records were used to detect vulnerabilities. In line with the findings, a risk assessment was made and solution suggestions were presented for potential threats.
Penetration testing is essentially a controlled form of hacking in which a professional tester, working on behalf of an organization, uses the same techniques as a criminal hacker to search for vulnerabilities in the company's networks or applications. Practical advice is given on the establishment and management of a penetration testing program, helping to conduct effective, value-for-money penetration testing as part of a technical security assurance framework. It is designed to make it possible to prepare for penetration tests, conduct actual tests in a consistent, competent manner and follow up tests effectively. Moreover, it presents a useful overview of the key concepts that must be understood to conduct well-managed penetration tests, explaining what a penetration test is, outlining the strengths and limitations, and describing why an organization would typically choose to employ an external provider of penetration testing services to help them plan for and undertake tests effectively, ensuring that vulnerabilities are identified and remediated. The goal of this type of testing is to secure the online practices that are used and to increase awareness of the security problems that society is facing.
Penetration testing (PT) is a method for assessing and evaluating the security of digital assets by planning, generating, and executing possible attacks that aim to discover and exploit vulnerabilities. In large networks, penetration testing becomes repetitive, complex and resource-consuming despite the use of automated tools. This paper investigates reinforcement learning (RL) to make penetration testing more intelligent, targeted, and efficient. The proposed approach, called Intelligent Automated Penetration Testing Framework (IAPTF), utilizes model-based RL to automate sequential decision making. Penetration testing tasks are treated as a partially observable Markov decision process (POMDP), which is solved with an external POMDP solver using different algorithms to identify the most efficient options. A major difficulty encountered was solving the large POMDPs resulting from large networks. This was overcome by representing networks hierarchically as a group of clusters and treating each cluster separately. This approach is tested through simulations of networks of various sizes. The results show that IAPTF with hierarchical network modeling outperforms previous approaches as well as human performance in terms of time, number of tested vectors and accuracy, especially in large networks. Another advantage of IAPTF is the ease of repetition for retesting similar networks, which is often encountered in real penetration testing. The results suggest that IAPTF is a promising approach to offload work from and ultimately replace human pen-testing.