NovoWiki. «My native Novosibirsk!»

Security Penetration Testing: What happens in the Penetration Test?

From Wiki.nios.ru

Security penetration testing is a significant part of any organisation's information security provision. However many security controls you implement for your data, you will never know for sure how effective they are unless you actively test them by commissioning security penetration testing (often known as "pen testing").

In the course of security penetration testing, the tester will probe your organisation's computer and network defences, and can then try to breach them (with your permission), but without causing the damage that a malicious hacker might cause. The results are explained in a report that also includes recommendations for actions to fix any security loopholes in your systems.

To get the most out of your test results, you need to be aware of the general pattern followed by a penetration test. This also helps you make sure that your provider is following a correct methodology. The key stages are outlined below:

  • Foot-printing: Public sources of information are used to gather information about your organisation's Internet presence.
  • Scanning: Standard tools are used to map your network in a non-intrusive way, determining the number of computers and the network configuration.
  • Enumeration: This stage involves attempting active connections to your systems in order to discover information (such as valid account names) that might be exploited by hackers. This stage and the two preceding stages are all legal; the further stages would not be legal without your organisation's written permission.
  • Gaining access: This is the point where security penetration testing comes into its own, since the test demonstrates whether or not a hacker would be able to get access to your network.
  • Increasing access rights: Having gained access, the pen tester now seeks to increase his/her access rights to the highest level possible, in order to find out whether your network is at risk of this sort of "exploit". A hacker who succeeds in gaining high-level access could wreak considerable damage on the systems.
  • Pilfering and theft of data: Entering an even more active mode, the security penetration testing procedure now covers the attempted theft of information.
  • Covering one's tracks: A skilled pen tester will attempt to cover his/her tracks so that the attack remains undetected, in order to demonstrate that this can be done, since a stealth attack is among the most dangerous kinds.
  • Creating a back door: An additional refinement is to create a "back door" that will make it easier to access your systems in the future. If your penetration tester finds that this is achievable, it will be highlighted in the report as a major weakness of your systems.
  • Denial of service: Finally, the tester may attempt to discover whether a "denial of service" attack is achievable, whereby resources become unavailable to legitimate users.

You need to note that the more active phases of testing may disrupt the normal operation of networks and cause denial of service. For this reason, some organisations prefer the security penetration testing to stop short of those stages. Each pen testing project should be covered by a specific contract setting out exactly what will or will not be attempted. Generally, penetration testing should be carried out at regular intervals, and definitely after major changes to the computer network. Used correctly, pen tests can be an indispensable aid to your organisation's information security management system.

