The technical side of network security is a complex ongoing dogfight between the white hats of network security and the black hats of hackers and other cybercriminals.
As a result, no network is safe, and indeed the FBI view is that the only secure network is one that hasn’t been hacked yet. The network security white hats need a range of tools to tell them when an attack is taking place, and what vulnerabilities their network has that exposes them to such attacks.
One such tool is the Penetration Testing tool. What is it and why should you use it?
Penetration Testing, sometimes known as pen testing, simulates a cyber attack on your network and systems. It helps you discover points of weakness in your security environment and tests breach security. That allows existing countermeasures to be refined and improved and identifies a situation where new measures are needed.
Pen testing can be carried out at three levels – a white, black or grey box test. In a white box test, background and systems information is provided. This is normally the situation where a hacker has access to systems information, perhaps as an existing or former employee.
In a black-box test, no information over and above that which is publically available is provided. That can be as little as the organisation name, or perhaps it’s website address. The hacker can find out more information with a bit of online research.
Yes, you’ve guessed, a grey box test is a combination of the two. The amount of information supplied is dependent on the type of test to be carried out and an assumption about the hacker’s capabilities.
A continuous review of network security is essential to any good network security strategy. No sooner have the white hats devised a new bit of network security technology than the black hats find a way to circumvent it. Systems and applications software upgrades may introduce new vulnerabilities and create security holes which need to be plugged.
Maintaining security is a continuous process, one of continual evolution and watchfulness.
How penetration testing can help and the areas it addresses include:
Sometimes an attack comes out of the blue, perhaps hitting a new area of vulnerability and exploiting a new systems upgrade or equipment purchase. The value of a black or white box penetration test carried out as part of the upgrade project is to ensure that new vulnerabilities aren’t introduced or existing ones reactivated.
It is also a good indicator of any new counter-measures that might be needed, either as software or perhaps training of network security staff.
Carried out regularly, an external pen test keeps people on their toes and is a good indicator of the defensive status of the network environment.
Not all attacks originate outside the organisation. Users are well known for testing the limits of their authority levels to access systems and data outside their authority. In an academic environment, IT students take it as a matter of honour to try to break the Institution’s security systems.
Regular penetration testing from inside the organisational firewall is necessary to ensure that internal defences against systems and data corruption and unauthorised access to systems and data are sufficient protection. It also supports checking of anti-malware defences.
As with external pen tests, an internal pen test is strongly recommended after software upgrades.
New Vectors and Attack Methods
The white hat versus black hat landscape is continually changing. New attack vectors and methods continually appear and must be defended against. If the network security environment, both internal and external is continually checked, then the risk of damage is minimised.
Pen tests are an essential component of regular security tests.
All organisations have Intellectual Property that needs to be protected. The ideal hack is to steal information without the organisation being aware that it has been compromised. That gives the thief time to carry out the real object of the attack or to sell on the information.
Penetration testing highlights the vulnerability of information that needs to be protected. It needs to be understood that both external and internal tests are necessary, and penetration testing is only one of the many security features needed to ensure IP safety.
The need for continuous monitoring and upgrade of network security defences cannot be overstated. Cyber-criminals are continually devising and testing new hacks and the savvy network security specialist needs to be aware of them to be able to put new defences in place, ideally before they are used against the organisation’s network.
Network security testing needs to be an integral part of system upgrade projects, and any new equipment needs to be thoroughly evaluated in a test environment before moving into production.
Penetration Testing is not the most glamourous of IT tasks, but it is an essential tool in the armoury of the network security specialist.