What is Penetration Testing?
Penetration testing involves an attempt by a user to gain access to the resources in a computer without using the normal means of gaining access (Weidman 1). Penetration testers differ from attackers in that a penetration tester gains permission from a company before attempting to access their network. The aim of doing a penetration test is to help companies in increasing their levels of security. Whenever a penetration tester is hired by a company, they are mostly expected to find loop holes in the network. A company might decide to provide the penetration tester with a certain user level access and with that, try to obtain information that is inaccessible for a user in that level. When conducting a penetration test, the individual is required to take note of important information gathered during the test and provide the company with a report. Nonetheless, penetration testing is unlikely to identify all the security issues.
Penetration testing involves an attempt by a user to gain access to the resources in a computer without using the normal means of gaining access (Weidman 1). Penetration testers differ from attackers in that a penetration tester gains permission from a company before attempting to access their network. The aim of doing a penetration test is to help companies in increasing their levels of security. Whenever a penetration tester is hired by a company, they are mostly expected to find loop holes in the network. A company might decide to provide the penetration tester with a certain user level access and with that, try to obtain information that is inaccessible for a user in that level. When conducting a penetration test, the individual is required to take note of important information gathered during the test and provide the company with a report. Nonetheless, penetration testing is unlikely to identify all the security issues.
Reasons for Conducting a Penetration Test
Finding Loopholes
Attackers are constantly looking for new techniques of penetrating into systems. Since most of these techniques are well known, conducting a penetration test will enable the company’s IT staff to have a view of the network from a hackers perspective. Eventually, the company will seal any loop holes in their networks.
Issue Report
The results from the test will also act as evidence that can be presented to the management of the company. In some cases, the company’s security team detects issues in their network but fails to convince the management team to take action. Results from an internal penetration tester, however, are more likely to convince the managers to implement changes to secure their system.
Verify Secure Configurations
Hiring an external penetration tester to conduct the test on a company’s network is also useful in measuring the efficiency of the organization’s security team.
Testing New Technology
It would be most appropriate for firms to test their new technology before including them in their production. Performing this test will help them avoid any downtime thus saving money.
Tools for Penetration Testing
The two main types of tools for penetration testing are exploitation tools and reconnaissance tools. Exploitation tools are useful in identifying the existence of an actual vulnerability by exploiting it. Examples of such tools include Metasploit Version 2.5, SecurityForest Exploitation Framework and Core Impact.
Reconnaissance tools on the other hand, consist of Nessus, Nmap and Packet Manipulation and Password Cracking Tools. Reconnaissance involves an initial search of the internet database. The search includes business postings, on-line news sources, Google, WHOIS databases and DNS Registers (Weidman 114).
Penetration Testing Report
Whenever a penetration test is conducted, it is important to formulate the results from the test and compile a report. A well written penetration report can include an executive summary, a technical summary and a management summary. The management summary entails operation information that is of high level whereas the technical summary includes the detailed results and suggested remedies.
Conclusion
Penetration testing is important in finding loop holes in a network, verifying configurations and testing new technologies. The use of tools like Core Impact, Nessus and Nmap is necessary when conducting a penetration test. However, choosing which tool to use is dependent on the features presented by that tool. Core Impact, for example, uses intelligence automation to lower the entry barrier for a majority of the penetration test. More so, conducting the penetration test is one part of the process, afterward the results need to be reviewed and effective suggestions need to be implemented to resolve the issues. It is not necessary to have an external penetration tester since they are more expensive, instead, a company can hire a security expert to conduct the test using the necessary penetration testing tools.
Work Cited
Weidman, Georgia. Penetration testing: A hands-on introduction to hacking. 1st ed., No Scratch P, 2014.
