1. WHAT IS PENETRATION TESTING?
What is Penetration Testing, Penetration testing, pen testing, or pen test is an ethical cyber security
assessment practice that targets to identify vulnerabilities by safely exploiting them the way attackers
would do and then helping to eliminate those vulnerabilities. Penetration testing is conducted on the
complete IT infrastructure of the organization, including networks, devices, applications, remote IT
environments, etc.
In the world of computer security, penetration testing is one of the most important concepts. Testing is a
method used to test a computer system or network to identify possible points where unauthorized access
can be obtained. The purpose of penetration testing is to locate any and all points of vulnerability within
the computer system. Basically the person doing the penetration is trying to hack into the system.
The term ethical hacking was devised to describe a tester who is hired to try and breach security in a
computer system. Whereas the illegal hacker will steal information for the purposes of committing a
crime, the ethical hacker will report information about hacking results so security can be improved. During
penetration, someone has been authorized to breach a security system...if he or she can.
Assessing the Risk
Penetration testing can search for security system weaknesses in several ways.
* External Pt - tests system host and networked systems including servers and software such as firewalls
* Application Security Assessment - tests threats to a computer system which are coming from proprietary
applications and usually involves security testing through interactive access
* Internet Security Assessment - an expanded version of external penetration testing which tests from
multiple points of access
* Wireless Security Assessment - tests the security of a system where people are able to access it through
wireless devices or by some form of remote access
* Other testing of new technologies - tests security of the system when access is possible through current
and developing technologies such as VOIP or mailbox access
As you can see, assessing the risk of a security system through penetrat can be complex depending on the
type of system involved. Testing can be done periodically, but it is much better to use proactive testing
which is ongoing testing 24 hours a day and seven days a week. This is the ultimate in security testing,
because it means the computer system is always being checked for hacking attempts and provides
management with the information needed to keep security high at all times.
Convince Me of the Benefits
There are a number of benefits you get with penetrat. The most common test performed is the External
Penetration Test. When this test is completed, you get valuable information which can be used to enhance
security to protect company assets.
* Vulnerability report indicating most likely breach locations
2. * Testing of all security components including router and firewall testing
* Password testing including identifying employees who have chosen vulnerable passwords
* Application testing to insure system has not been modified
* Communication testing
* Wireless security testing
Experts in penetrate will perform comprehensive testing procedures which make a ferocious attack on
the computer system. The goal of the tester is to gain access to sensitive and useable company data. There
will be many different approaches taken just like a real hacker would use.
At the completion of testing, management gets a report which details the results. This information can
then be used to strengthen the computer security system.