As managers of our systems, one of our most important responsibilities is to keep our platform as secure, and as little vulnerable, as possible. It is therefore important to constantly put the security methods we have implemented to the test, so that any existing vulnerabilities are detected before they are exploited by an attacker. This is where penetration testing, also called pentesting, comes in: it is the method of evaluating the security of networks, applications, systems and communication solutions by simulating a computer attack on a network or server from an external or internal source. The process involves an active analysis of all computers on the network to detect any security vulnerabilities caused by a fault in the configuration of the servers or of the security equipment.
The penetration test is very important for many reasons:
- Determine the set of attack vectors.
- Identify critical-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence.
- Identify vulnerabilities that may be difficult or impossible to detect with automated network or vulnerability scanning software.
- Test the ability of the network defenses to successfully detect and respond to attacks.
The penetration test consists of two stages of testing:
External Penetration Test: The goal is to remotely access the computers in the organization and obtain the position of a system administrator. The tests are made from outside the firewall and consist of penetrating the Demilitarized Zone (DMZ) and then accessing the internal network. This stage consists of a large number of tests, to mention a few:
- Testing of users and the "strength" of their passwords.
- Traffic capture.
- Detection of external connections and address ranges.
- Detection of the protocols used.
- Scanning of TCP, UDP and ICMP ports.
- Attempts to gain access via remote access.
- Security analysis of the connections with suppliers, remote workers or entities outside the organization.
- Tests for vulnerabilities known at the time the test is carried out.
- Denial-of-service testing.
Internal Penetration Test: This type of testing aims to demonstrate the level of internal security. It must determine what an internal attacker can do and how far they will be able to get into the system as a user with low privileges. This stage also consists of numerous tests:
- Analysis of internal protocols and their vulnerabilities.
- User authentication.
- Checking of permissions and shares.
- Testing of the main servers (WWW, DNS, FTP, SMTP, etc.).
- Vulnerability testing of proprietary applications.
- Level of the intrusion detection systems.
- Analysis of the security of workstations.
- Network security.
- Verification of access rules.
- Denial-of-service attacks.
Webimprints is a penetration testing company in Mexico that provides both internal and external penetration testing services.
Posted by Webimprints.