What are different aspects of network penetration testing?

Penetration test is popularly called pen test. Penetration testing can be defined as a methodology to determine the security level of a network or a computer system.

- This is usually done by simulating an attack from malicious outsiders or the people who are aliens to the system i.e., the people who don’t have any authorized means or permission to access that particular organization’s computer systems or network.

- The process of network penetration testing requires having an active analysis of the whole network and computer system for checking any potential flaws and vulnerabilities in the network system or computer system.

- These potential flaws and vulnerabilities could result from the improper or poor configuration of the network or the computer system.

Other reasons for these potential vulnerabilities and flaws are:

- Unknown and known software and hardware flaws and problems.
- The operational weaknesses of the testing process and counter measures of the technology used.

Typically, this analysis of the network and the computer system is carried out keeping in mind the position of a potential attacker and the process may also involve the active exploitation measures for exploiting security vulnerabilities.

- Security vulnerabilities or issues that are discovered during the testing process are reported to the owner of the network or the computer system.

- An effective penetration testing involves coupling of this information and findings with an already assessed accurate assessment of the potential affects or impact and giving it to the particular organization.

- It also includes outlining of a range of procedural and technical counter measures to overcome those potential vulnerabilities and reduce risks.

There are certain reasons that account for the necessity of carrying out penetration testing. They have been listed below:
- Identification of vulnerabilities that pose a higher risk to the network or the computer system from a combination of vulnerabilities that poses a lower risk. These vulnerabilities are exploited in a designed sequence.

- Determination of feasibility of a particular set of a type of vectors.

- Identification of vulnerabilities that may be impossible and difficult to detect otherwise with automated software scanning application.

- Assessment of the magnitude of impacts of the potential operations and business of the attacks that could be successful.

- Testing of the ability of the network defenders to detect and respond to the attacks by the malicious outsiders.

- Providing of evidence in support of the gradually increasing investments in technology of the security measures.

Penetrations tests can be rightly called the components of a full security audit. Best example that can be given is of payment card industry data security standard.

There are several ways for conducting the penetration tests.

- White box testing and black box testing are the methodologies widely used for carrying out performing penetration testing.

- Before carrying put the penetration testing, it is needed that the testers should determine the extent and location of the systems.

- Here, the white box testing provides the complete information of the infrastructure that is to be tested and it includes source code, IP address information and network diagrams.

- Sometimes grey box testing is also done.

- Penetration tests are called “full disclosure tests” since they provide full information about the network or the computer system to the testing party.

- Penetration testing involves a scan of the IP address space of the concerned organization for a full audit of source code of the application.

- Any computer system deployed in a hostile environment can be used for carrying out the penetration test.

- This measure provides an assurance that any malicious attacker won’t be able to affect the network or the computer system.

0 comments:

Post a Comment

Your Comment Here!.....

Categories

10th 3i InfoTech Academic Books Accenture ACIO ActiveX ADT Agricultural AIEEE Air Force Algebraic Amdocs Android Answers Application Development Aptitude Aptitude Questions Architectures ASP ATOS B.Sc B.Tech.B.E. Bank Exam BCA BE Board Exam Books break-continue Business Plan C C Programming C# C++ Campus campus interview Candidate profile Capgemini Career CDS Certification CET Challenge Circle Cisco class code Cognizant communication Company Company Profile Competitive Exams computer Computer Networks concentric circles constructor Course Credit Suisse CSS CTS Data Structure DBMS DC Deloitte difficult interview questions dimensions Distributed Computing do while dotNet Download ds Dynamic Web Development e-Admit card Educational engineering entertainment Even Odd Events exam schedule exception for loop fresher GATE general Discussion general knowledge Get Placed Government Job Hall Ticket HCL how to answer How to Prepare HR HR Interview HSC hypertext preprocessor IB IBM IBPS IIT Indian Army Information infosys Intelligence Bureau Internship interview Experience interview questions Interview Tips IntroC IntroC# IntroJava IntroPHP IT J2EE J2ME Java JavaScript jobs Language Books Language Tutorial Languages limit number of objectsJava Limit the number of objects being created in JAVA Linux Linux Administrator Linux Developer Logical Questions loops M Tech M.E. M.Tech M.Tech AND B.Tech Management Management Skills Matrices MBA mca ME microsoft mistakes Mixture Mobile Computing mock questions mock test MySql naukri NDA OOP opening Operating System Oracle paper Persistent PHP php programming php string variables PL/SQL Placement placement guide Placement Paper Placement Process preparing for placement presentation probability Problems Professional program Programming Project Engineer project idea Projects Puzzle qualities Question of the day Questions Quiz Question Recruitment Recruitment Pattern Requirement Result Resume Reviews Screen Sizes Scripting Session Skills Software Software Engineering solved papers Source Code Speed time and distance SQL SSC story Stress Interview Study Material study tips submit resume Synonym TCS Tech Mahindra tech news Technical Books Technical Interview Testing thank you letter Thought Time Table TutC++ Unix questions asked in aptitude and inteviews for MCA UPSC verbal Web Designing Web Developer Website Development What to read while loop Wipro Writing Resume

Receive Quality Tutorials Straight in your Inbox by submitting your Email ID below.

Categories

10th 3i InfoTech Academic Books Accenture ACIO ActiveX ADT Agricultural AIEEE Air Force Algebraic Amdocs Android Answers Application Development Aptitude Aptitude Questions Architectures ASP ATOS B.Sc B.Tech.B.E. Bank Exam BCA BE Board Exam Books break-continue Business Plan C C Programming C# C++ Campus campus interview Candidate profile Capgemini Career CDS Certification CET Challenge Circle Cisco class code Cognizant communication Company Company Profile Competitive Exams computer Computer Networks concentric circles constructor Course Credit Suisse CSS CTS Data Structure DBMS DC Deloitte difficult interview questions dimensions Distributed Computing do while dotNet Download ds Dynamic Web Development e-Admit card Educational engineering entertainment Even Odd Events exam schedule exception for loop fresher GATE general Discussion general knowledge Get Placed Government Job Hall Ticket HCL how to answer How to Prepare HR HR Interview HSC hypertext preprocessor IB IBM IBPS IIT Indian Army Information infosys Intelligence Bureau Internship interview Experience interview questions Interview Tips IntroC IntroC# IntroJava IntroPHP IT J2EE J2ME Java JavaScript jobs Language Books Language Tutorial Languages limit number of objectsJava Limit the number of objects being created in JAVA Linux Linux Administrator Linux Developer Logical Questions loops M Tech M.E. M.Tech M.Tech AND B.Tech Management Management Skills Matrices MBA mca ME microsoft mistakes Mixture Mobile Computing mock questions mock test MySql naukri NDA OOP opening Operating System Oracle paper Persistent PHP php programming php string variables PL/SQL Placement placement guide Placement Paper Placement Process preparing for placement presentation probability Problems Professional program Programming Project Engineer project idea Projects Puzzle qualities Question of the day Questions Quiz Question Recruitment Recruitment Pattern Requirement Result Resume Reviews Screen Sizes Scripting Session Skills Software Software Engineering solved papers Source Code Speed time and distance SQL SSC story Stress Interview Study Material study tips submit resume Synonym TCS Tech Mahindra tech news Technical Books Technical Interview Testing thank you letter Thought Time Table TutC++ Unix questions asked in aptitude and inteviews for MCA UPSC verbal Web Designing Web Developer Website Development What to read while loop Wipro Writing Resume