Rohit Bajaj

<div>
<div class="content wysiwyg-content fr-view">
Hi,<br>This is an academic sort of exercise, and I need help with some comments from experts on it.<br>The following is a sample request for proposal by a client for penetration testing:<br><a href="https://filedb.experts-exchange.com/incoming/2021/07_w29/1566720/Screenshot--1204-.png" rel="ugc"><img src="https://filedb.experts-exchange.com/incoming/2021/07_w29/1566720/Screenshot--1204-.png" style="width: 460px;" class="fr-fic fr-dib"></a><br>I have to come up with some questions for the client which will clarify things and an action-list to be given to the client for penetration testing. <br>My Thoughts:<br>1) It's not clear from the requirements which servers need to be tested. So client needs to provide me the Ip addresses of the machine that need to be tested.<br>2) Ask the client for a safe time window in which the client servers are used minimum.<br>3) What way does the client provides access to remote users who are working from home..<br><br>I am not sure if I am headed in the right direction.<br>For action-list I guess there could be tools which could perform Network Penetration Test,<br>Remote Access, Web Application Testing.<br><br>Any thoughts or ideas on how to proceed with it.<br><br><br>
</div>
</div>


Screenshot--1204-.png


Hi,
This is an academic sort of exercise, and I need help with some comments from experts on it.
The following is a sample request for proposal by a client for penetration testing:
I have to come up with some questions for the client which will clarify things and an action-list to be given to the client for penetration testing.
My Thoughts:
1) It's not clear from the requirements which servers need to be tested. So client needs to provide me the Ip addresses of the machine that need to be tested.
2) Ask the client for a safe time window in which the client servers are used minimum.
3) What way does the client provides access to remote users who are working from home..
I am not sure if I am headed in the right direction.
For action-list I guess there could be tools which could perform Network Penetration Test,
Remote Access, Web Application Testing.
Any thoughts or ideas on how to proceed with it.

Clarifying penetration testing proposal

A miscellany is defined as a "collection of various pieces of writing by different authors", but it has come to mean something "Of items gathered or considered together of various types or from different sources" or "a collection or group composed of members or elements of different kinds". The word "miscellaneous" comes from the Latin word "miscere", meaning "to mix." You might have heard the expression "a mixed bag," which applies when you don't quite know what you're going to get. More commonly, a miscellaneous group is made up of an odd group of things that don't fit anywhere else.

Miscellaneous

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Network Analysis

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.