A penetration test (pen testing) is an initiative to determine and evaluate the network and system security assessment of an IT infrastructure.Such network assessment test can reveal vulnerabilities in the system, which can be attended to and fixed immediately.
The objective of penetration testing is to evaluates security weaknesses of an organization’s IT infrastructure.
Pen testing is a practice of trying to exploit the vulnerabilities to check whether unauthorized access or ensure other illegitimately activity is possible. If an infrastructure is not secured, any potential hackers can disrupt or get the unauthorized access to your Network.
Penetration testing assessment is a process that defines, identifies and classifies the security breach and holes (vulnerabilities) in a Network, server, computers, improper configurations and end user’s behavior.
These assessments are beneficially to keeps updated IT infrastructure and track records of security policy compliance and remediation plan, as well as, employee’s adherence to security policies.
Vulnerability assessment tools discover which vulnerabilities are present, but they do not differentiate between flaws that can be exploited to cause damage and those that cannot.
Vulnerability scanners alert companies to the preexisting flaws in their code and where they are located. Penetration tests attempt to exploit the vulnerabilities in a system to determine whether unauthorized access or other malicious activity is possible and identify which flaws pose a threat to the application.
Penetration tests find exploitable flaws and measure the severity of each. A penetration test is meant to show how damaging a flaw could be in a real attack rather than find every flaw in a system. Together, penetration testing and vulnerability assessment tools provide a detailed picture of the flaws that exist in an application and the risks associated with those flaws.
Types of Network Penetration Testing:
Penetration Testing can be Performed in two way-:
- External Penetration Testing
- Internal Penetration Testing
An External Penetration Test can be performed from outside the network or Internet to determine vulnerabilities and what Information is actually exposed to the outside world.
An Internal penetration testing focuses on inside attacker and risks to internally connected systems. The purpose of an Internal Penetration Test is to find out what systems a malicious insider would be able to access from within the internal resources of the network.
Penetration Assessment Phases:
- Scope and Discovery Definition
- Information Gathering
- Vulnerability Finding
- Vulnerability Analysis and Remediation Scope.
- Classified Vulnerability Area
- Result Analysis & Reporting.
- Remediation plan.
Security vulnerability is a weakness of a network and system which allows hackers to gain the access on system and can trigger malicious activity. Vulnerability is loop holes or flaw in the network system. Any potential Attacker easily identify the security breach and attacker capability to exploit the vulnerabilities.
To exploit a vulnerability, an attacker must use software tool or technique that to connect to a system by using open port on that system.
Port scanning is a process to identify opened port in your system and Network. Application ports are the entry points to a system that is connected over the Network and Internet. By running a port scanner software program to see and check what ports on a specific computer responds on.
A network administrator and potential hacker can get some indication that what types of services are running on a specific server and workstation. Port scanning can be run from inside your network or outside your network to see which services can be accessed from the outside world (Internet) through your firewall.
This article describes about penetration and vulnerabilitie assessment overview. It would help to understand the basic concept of penetration testing and assessment of network security vulnerabilities.