Aiming at Higher Network Security Through Extensive Penetration Tests



Abstract: Modern enterprise infrastructures adopt multilayer network architectures and heterogeneous server environments in order to efficiently fulfill each organization’s goals and objectives. These complex network architectures have resulted in increased demands of information security measures. Each organization needs to effectively deal with this major security concerns, forming a security policy according to its requirements and objectives. An efficient security policy must be proactive in order to provide sufficient defense layers against a variety of known and unknown attack classes and cases. This proactive approach is usually interpreted wrongly in only up-to-date software and hardware. Regular updates are necessary, although, not enough, because potential mis-configurations and design flaws cannot be located and patched, making the whole network vulnerable to attackers. In this paper we present how a comprehensive security level can be reached through extensive Penetration Tests (Ethical Hacking). We present a Penetration Test methodology and framework capable to expose possible exploitable vulnerabilities in every network layer. Additionally, we conducted an extensive analysis of a network penetration test case study against a network simulation lab setup, exposing common network mis-configurations and their security implications to the whole network and its users.

Index Terms:
penetration testing, network security, ethical hacking, proactive security policy


Anestis Bechtsoudis
Computer Engineering and Informatics Department (CEID)
University of Patras, GREECE
e-mail: abechtsoudis [ at ]

Nicolas Sklavos
Informatics & MM Dept., Branch of Pyrgos
Technological Educational Institute of Patras
Pyrgos, ZIP 27100, GREECE
e-mail: nsklavos [ at ]


Download Full Paper

Download Full Paper (local mirror)

Copyright Notice



A. Bechtsoudis


IonOctober 10th, 2012 at 02:22

Hey Anestis, great article! :) Make sure to share similar activities in twitter, etc in the future, so we get notified sooner *grin*. Have a nice day!

suryaOctober 11th, 2012 at 15:11

is entire lab setup is simulated on physical hosts are also involved ?
if possible can u share demo video

thank you

anestisbOctober 11th, 2012 at 20:01

The scenario examined in the paper is implemented solely with simulated (GNS3 Cisco Simulator) and virtualized (VMWare) hosts/nodes.
Of course our lab also includes some actual hardware involved directly into our tests, mainly for the network processing nodes (because simulators lack of some features).

A very good resource on simulating Cisco devices with GNS3 in linux hosts is

Unfortunately a lab video can not be provided according to our policy.

suryaOctober 30th, 2012 at 03:27

Hi Anestis ! in your article you have mentioned about copying router config through SNMPrequest to TFTP services….. but the same can be protected by tftp-server-list command

please offer your comments

anestisbOctober 30th, 2012 at 09:15

@surya IP ACLs (operating on Layer 3 & 4) are vulnerable to IP spoofing attacks if no mitigation methods are implemented on the network.

tftp-server-list for cisco IOS is an ACL protection for the SNMP request IP sources (sources is bold for a reason: ACL checks only the incoming IP source address and not the outgoing because command supports only standard ACLs).

The get-config SNMP oid contains the target TFTP server string (and the TFTP IP can be different from the SNMP request’s IP address).

Consequently, an attacker can spoof an allowed IP address to bypass the standard ACL protection and execute a get-config request to an other IP address that he owns.

Always speaking for network configurations with weak or no IP spoofing protection layers.