Security Penetration Testing – Network Security Evaluation Programme

penetration-testing

Penetration Testing ?

The simple definition of penetration testing (Pen testing) is used to discover and exploit the vulnerabilities in the Networking infrastructure.

A penetration testing program execution is made to discover the vulnerabilities spots in networking equipment and servers.These types of exercise running by security expert to find the weak points in the Network systems.They also  simulate the attack to exploit the vulnerabilities and gain unauthorised accessing the system, potential hackers could made it.

📌As technology evolves over the time, Cyber threats are becoming more frequent and far more modernised and sophisticated.Standard modern security design will not provide complete set of security.Hence, time to time standard security practice such penetration testing can help to find the flaw and vulnerabilities in your network and system.

The objective of penetration testing is to evaluates security weaknesses of an organization’s IT infrastructure. Pen testing is a practice of trying to exploit the vulnerabilities to check whether unauthorized access or ensure other illegitimately activity is possible. If an infrastructure is not secured, any potential hackers can disrupt or get the unauthorized access to your Network.

Penetration testing typically target the Network infrastructure , Servers , End-User , Applications and also includes the process and control for Network and Applications.These assessments are beneficially to keeps updated IT infrastructure and track records of security policy compliance and remediation plan, as well as, employee’s adherence to security policies.


📌Quick Definition

Penetration Testing focusing to inspect network security before a hacker cloud made it.The agenda behind pen testing is to discover and exploit network security gaps that could lead to compromise digital information stored in computers systems.By exploiting security holes, penetration testing helps us determine how best we can do to migrate and protect our business critical Data from modern cyber attacks.

Vulnerability assessment tools discover which vulnerabilities are present, but they do not differentiate  between flaws that can be exploited to cause damage and those that cannot.

Vulnerability scanners alert companies to the preexisting flaws in their code and where they are located. Penetration tests attempt to exploit the vulnerabilities in a system to determine whether unauthorized access or other malicious activity is possible and identify which flaws pose a threat to the application.

Penetration tests find exploitable flaws and measure the severity of each. A penetration test is meant to show how damaging a flaw could be in a real attack rather than find every flaw in a system. Together, penetration testing and vulnerability assessment tools provide a detailed picture of the flaws that exist in an application and the risks associated with those flaws.


Types of Network Penetration Testing-

Penetration Testing can be Performed in two way-:

  1. External Penetration Testing
  2. Internal Penetration Testing

An External Penetration Test can be performed from outside the network or Internet to determine vulnerabilities and what Information is actually exposed to the outside world.

An Internal penetration testing focuses on inside attacker and risks to internally connected systems. The purpose of an Internal Penetration Test is to find out what systems a malicious insider would be able to access from within the internal resources of the network.

Penetration Assessment Phases-

1. Scope and Discovery Definition

2. Information Gathering

3. Vulnerability Finding

4. Vulnerability Analysis and Remediation Scope.

5. Classified Vulnerability Area

6. Result Analysis & Reporting.

7. Remediation plan.

Security Vulnerability

Security vulnerability is a weakness of a network and system which allows hackers to gain the access on system and can trigger malicious activity. Vulnerability is loop holes or flaw in the network system. Any potential Attacker easily identify the security breach and attacker capability to exploit the vulnerabilities.
To exploit a vulnerability, an attacker must use software tool or technique that to connect to a system by using open port on that system.

Port Scanning

Port scanning is a process to identify opened port in your system and Network. Application ports are the entry points to a system that is connected over the Network and Internet. By running a port scanner software program to see and check what ports on a specific computer responds on.

A network administrator and potential hacker can get some indication that what types of services are running on a specific server and workstation. Port scanning can be run from inside your network or outside your network to see which services can be accessed from the outside world (Internet) through your firewall.

When Pen-Testing Required

As standard security practice, network security assessment should be performed on regular basis to ensure the robustness of IT infrastructure and regulatory mandates.Regular penetration testing reveal the new emerging threats and vulnerability which may cause to harm your network.In addition – Regular practice inspires your IT team keep the knowledge updated.

Whenever there is change as below – Penetration testing should be performed.

1. New network device, server added in Network.

2. New Application integrated in the System.

3. New significant change performed in the infrastructure.

4. New site commission/decommission.

5. Critical security patch upgrades.

6. New User Policy implicated.

7. New 3rd Party Services added.

Conclusion -:

This article describes about penetration and vulnerabilities assessment overview. It would help to understand the basic concept of penetration testing and assessment of network security vulnerabilities.

 

Author: Ronnie Singh

Your Feedback is Valuable for us. Pls do comments.