A penetration test is an assessment of your network's security, including potential vulnerabilities and how they could be exploited. Businesses and individuals perform penetration tests in order to pinpoint and correct potential ways an individual could gain access to their network. Penetration testing is similar to ethical hacking in that a trusted individual is given permission to attack a network using the same methods as those employed by an illegal hacker.

The first step in conducting a penetration test is planning. Before the testing begins, you should set out goals, timetables, and parameters. That is, determine your major concerns, decide which aspects of your network you want tested, and decide how long and when the testing will be conducted.

The second step consists of gathering information. Here is where the tester puts themselves into the shoes of an illegal hacker. Imagine you're the hacker, and all you have is the name of a company or its website. This company is your target, and your goal now is to dig up as much information as you can to help you break into their network.

Third, the tester will manually test all of the information gathered for possible vulnerabilities. That is, they'll pull all the hacker tricks out of their hat, so to speak, and see where and in what ways the system is vulnerable.

Last is the actual "break-in" itself. The tester starts by selecting a target. For instance, the tester could focus in on the network's main server. From the research done during the third step, the tester has an arsenal of weapons and potential ways into the network. Now it's a matter of using that information to hack into the targeted server.

Once the testing is complete, the tester provides the company with a report detailing the vulnerabilities and explaining how to correct them.

Obviously, the overarching goal of penetration testing is to uncover holes in your network security. There are, however, several different perspectives from which to approach the testing. Basically, your approach is determined by your answers to these two questions:

1. Who is the hacker? (Disgruntled employee? Someone with no inside information or connection to the company?)
2. How much (if any) notice/information will you give your IT staff and/or employees about the testing?

For example, if you want to know what a disgruntled employee could do, the testing will physically take place within the walls of the company, using the company's computers and equipment. Another scenario, as mentioned above, is one where the hacker has no special access; they are simply working from their own computer and attempting to breach your network via the Internet.

The answer to the second question determines whether, and how, you'll involve your staff and employees. For instance, you may decide that one of your goals is to find out if your IT staff will be alerted to attempted break-ins. In that case, you would not give them any advance notice of the testing. Conversely, you could decide to have your IT staff and the penetration testers work together, focusing on a specific target.

Related to the two questions above is the issue of "zero knowledge penetration testing" versus "limited knowledge penetration testing." With the zero knowledge approach, the testing team has been given no knowledge or information about the system and network from the company. Many consider the zero knowledge approach to be the most realistic, given that the potential attacker would be starting from scratch with regard to the hacking.

The alternative is "limited knowledge penetration testing." This approach can save both time and money. With limited knowledge testing, the testing team is given the basic knowledge that a hacker would have come up with on their own anyway. That way, the team can move directly to the vulnerability assessment phase.