Network Penetration Testing
Testing Your IT Defense
Network penetration testing is a critical component to an overall information security strategy. Penetration testing uncovers critical issues and demonstrates how well a network, application or information assets are protected. Below shows the steps on a penetration test and how ethical hackers vs. mom-ethical hackers will use the data found.
Information is gathered about the systems to be tested – IT environment, hardware/software, people and physical locations.
Vulnerability scans against the network, applications, hardware components or physical locations to discover any obvious security flaws and potential scenarios are executed
Exploit the vulnerabilities identified in the network, applications, systems or people (via social engineering) to gain unauthorized access to systems and data.
As security flaws are exposed and access to the network is available, teams utilize further methodology based on initial access to explore how far into an organisations’s infrastructure they can go and what type of information can be found and gathered. Items can include passwords, banking information, classified data and anything else that can cause damage or be stolen and exposed.
Pen Testers vs Hackers
Pen testers document all methods used, data or access granted and make recommendations for mitigating each of the attacks against IT assets. An outbriefing session is conducted to ensure complete understanding of the exploitable vulnerabilities and recommend enterprise-level strategies for remediation to help prevent your infrastructure systems from being hacked.
Hackers are looking to make money. Whether they are stealing financial information, passwords social security numbers, etc., they are out for personal gain and in some cases, notoriety. Hackers will try to install malware, viruses and conduct phishing scams against unsuspecting individuals to begin obtaining credentials to be used against an enterprise network or application. When it’s all said and done you may have been breached and you’re left with first finding out the access point and plugging the security vulnerabilities…in addition to PR brand, damage control.