In the world of computer security, penetration testing is one of the most important concepts. Penetration testing is a method used to test a computer system or network to identify possible points where unauthorised access can be obtained. The purpose of penetration testing is to locate any and all points of vulnerability within the computer system. Basically the person doing the penetration testing is trying to hack into the system.

The term ethical hacking was devised to describe a tester who is hired to try and breach security in a computer system. Whereas the illegal hacker will steal information for the purposes of committing a crime, the ethical hacker will report information about hacking results so security can be improved. During penetration testing, someone has been authorised to breach a security system…if he or she can.

Assessing the Risk

Penetration testing can search for security system weaknesses in several ways.

* External Penetration Testing - tests system host and networked systems including servers and software such as firewalls
* Application Security Assessment – tests threats to a computer system which are coming from proprietary applications and usually involves security testing through interactive access
* Internet Security Assessment – an expanded version of external penetration testing which tests from multiple points of access
* Wireless Security Assessment – tests the security of a system where people are able to access it through wireless devices or by some form of remote access
* Other testing of new technologies – tests security of the system when access is possible through current and developing technologies such as VOIP or mailbox access

As you can see, assessing the risk of a security system through penetration testing can be complex depending on the type of system involved. Testing can be done periodically, but it is much better to use proactive testing which is ongoing testing 24 hours a day and seven days a week. This is the ultimate in security testing, because it means the computer system is always being checked for hacking attempts and provides management with the information needed to keep security high at all times.

Convince Me of the Benefits

There are a number of benefits you get with penetration testing. The most common test performed is the External Penetration Test. When this test is completed, you get valuable information which can be used to enhance security to protect company assets.

* Vulnerability report indicating most likely breach locations
* Testing of all security components including router and firewall testing
* Password testing including identifying employees who have chosen vulnerable passwords
* Application testing to insure system has not been modified
* Communication testing
* Wireless security testing

Experts in penetration testing will perform comprehensive testing procedures which make a ferocious attack on the computer system. The goal of the tester is to gain access to sensitive and useable company data. There will be many different approaches taken just like a real hacker would use.

At the completion of testing, management gets a report which details the results. This information can then be used to strengthen the computer security system.