Penetration Testing 101

Penetration testing (or pen testing) is a process by which software is utilized to probe a network and its elements for security risks. The job of security is always to focus on reducing the attack surface. Pen testing is what allows you to do this.


Types of Pen Tests:

      • Internal Penetration Tests – Identifying how far an attacker can traverse the network once a breach has occurred.
      • External Penetration Tests – Attempting to gain access to the internal network by exploiting vulnerabilities found on external assets.
      • Mobile Penetration Tests – Focusing on the endpoint devices in realistic scenarios to see what information can be accessed.

Pen testing is a highly valuable, and sometimes mandatory, step in a security program. The goal is to identify weaknesses in your system and produce a risk score at the end of testing, so your team can address security gaps. Most organizations, at a minimum, will take the second approach (External Penetration Testing) as it ensures third-party, unbiased and more credible recommendations. If your organization has the resources, it is strongly recommended to conduct both internal and external penetration tests. It is also recommended to run a test at least once a year.

Pen testing software will probe all devices, searching for high-risk open application access ports, unremediated vulnerabilities, user access risks and general software upgrades. Adding a proper security expert review supplies relative risk and priority, which helps determine the practical approach to resolution.

Examples of value from experts include:

      • A dialogue around what applications are currently in use
      • Critical technology for business operations
      • How to segment the network to reduce risk

The job of security is always to focus on reducing the attack surface; pen testing helps you identify the risks in order to do this. 
