Buchtel College of Arts and Sciences
Date of Last Revision
Computer Information Systems
Number of Credits
Bachelor of Science in Computer Science
Date of Expected Graduation
Penetration testing on a business network consisting of three routers, one switch, and one computer. Access Control Lists (ACLs) on the routers act as the firewall(s) for the network. 10 of the twelve ACLs do not deny any form of traffic to reflect the lax security standards common in small networks. Router 1 acts as the primary router of the Attacker/Pen Tester. Router 2 represents the edge router for the business and Router 3 is the inner router closest to end-user devices. Switch 1 is connected to Router 3 with one computer connected to the switch acting as an end-user. Switch 1 is configured with two VLANs: VLAN 10 for the users and VLAN 20 representing planned expansion. Each router and switch are accessible via SSH for remote management.
The penetration test begins with Zenmap reconnaissance followed by remote password cracking with THC Hydra to gain remote access to all three routers and the switch. Upon completing the remote access penetration test, the Pen Tester moves inside the network to the new VLAN 20 to test internal security utilizing Yersinia.
Dr. John B. Nicholas
Sarah M. Hoge
Stanley H. Smith
Honors Faculty Advisor
Proprietary and/or Confidential Information
Kandle, Lee, "Penetration Testing in a Small Business Network" (2022). Williams Honors College, Honors Research Projects. 1612.