Defining Penetration Testing
1.0 Introduction
The primary reason for testing the security of an operational system is to identify potential vulnerabilities and subsequently repair them. The number of reported vulnerabilities is growing daily; for example, the number of new information system vulnerabilities reported to the Bugtraq database has more than quintupled since the start of 1998, from an average of 20 to over 100 per month.

The number of computers per person in many organizations continues to rise, increasing the demands on competent and experienced system administrators. Consequently, it is imperative that organizations routinely test systems for vulnerabilities and misconfigurations to reduce the likelihood of system compromise.

Typically, attackers repeatedly exploit the same weaknesses that organizations have not patched or corrected. Generally, a small number of flaws in software programs are responsible for the vast majority of successful Internet attacks.

SANS Security Alert lists these vulnerabilities and outlines recommendations and suggestions for overcoming these weaknesses. In this environment, security testing becomes critical to all organizations interested in protecting their networks.

Technically speaking, a penetration test is the controlled attempt at penetrating a computer system or network from “outside” in order to detect vulnerabilities. It employs the same or similar techniques to those used in a genuine attack. Appropriate measures can then be taken to eliminate the vulnerabilities before they can be exploited by unauthorized third parties.
1.1 Controlled testing from an organizational perspective
Penetration tests are a way to identify vulnerabilities that exist in a system or network that has existing security measures in place. A penetration test usually involves the use of attack methods, conducted by trusted individuals, that are similar to those used by hostile intruders or hackers. Depending on the type of test that is conducted, this may involve a simple scan of IP addresses to identify machines that are offering services with known vulnerabilities, or even exploiting known vulnerabilities that exist in an unpatched operating system. The results of these tests or attacks are then documented and presented as a report to the owner of the system, and the vulnerabilities identified can then be resolved.

A penetration test does not last forever. Depending on the organization conducting the tests, the time frame to conduct each test varies. A penetration test is basically an attempt to breach the security of a network or system and is not a full security audit. This means that it is no more than a view of a system’s security at a single moment in time. At that moment, the known vulnerabilities, weaknesses or misconfigured systems have not changed within the time frame in which the penetration test is conducted.