Penetration Testing - What Can It Do For Your Business?




If you run a business you'll already know the importance of safeguarding your information assets from compromise by so-called "black hat hackers", or "crackers". These people think nothing of taking down your network, defacing your website, or penetrating your internal network to cause havoc among your computer systems.

The solution to this problem is penetration testing, also known as ethical hacking. Businesses contract with so-called "pen testers" to do their utmost to attack the business in the same way that a criminal might, though stopping short of causing any damage. The outcome of penetration testing is a business-focused report that outlines the impact on business processes, rather than the technical details of the test.

One way of looking at penetration testing is as follows. If you come in from the pub at two in the morning and leave your keys in the door, that is a vulnerability. An automatic vulnerability scan would find this, and would offer suggestions to your wife such as "Remove his keys - but you need to get up at two in the morning to let him in", "Install a swipe card system" or even "Kick him out of the house!"

A penetration tester, on the other hand, would go up to the door and turn the keys and handle, only to find you had been sober enough to bolt the door from the inside; i.e. the supposedly high-risk vulnerability has in fact been fixed. The tester would then take the keys and try the back door, before stealing your car! In other words, the vulnerabilities are exploited to find the true business impact and not just the theoretical technical weaknesses. The advantage of using a manual penetration tester, rather than an automated tool, is that the ethical hacker is more likely to discover the true business-related risks to your information assets.

There are different types of penetration test:

White box test: Full knowledge of the systems to be tested is provided in advance. This kind of penetration testing can be more thorough.
Black box test: This assumes no knowledge of the systems being tested, and mimics the actions of black hat hackers.

The phases of a "pen test" are as follows:

Research: Check publicly-available information about network addresses and IT deployment that could be of use to a potential attacker.
Enumeration: Scan by appointment with the organisation and identify the systems and architectural features.
Exploitation: Analyse the potential for successful attacks, stopping short of causing damage or disruption to systems.
Analysis and reporting: Correlate with known vulnerabilities, examine findings, inform client and reach conclusions on business impacts.

If your business depends crucially on its information assets - and what business doesn't? - then penetration testing is a vital safeguard that you cannot afford to ignore.

Harvey McEwan writes to make insurance (especially car insurance!) a happier place.

Article Source: https://EzineArticles.com/expert/Harvey_McEwan/229739
