Security Penetration Testing -- Should You Do It?
Why Computer Security Testing?
The causes of computer security vulnerabilities start with poor
programming and end with poor computer user practices. Even the most
security aware computer user can't keep a poorly designed system
secure, and the best designed security software can't keep a user from
exposing a whole network of computers to intrusion.
According to the International
Computer Security Association 70 percent of sites with certified
commercial Firewalls are still vulnerable to attack due to
mis-configuration or improper deployment. On average companies were
experiencing 30 attacks each week in the second half of 2002, and
that number has increased
Can the Shangra-la of computer security exist? In today's world we
are using software that was designed with little thought to security,
and well trained computer users are the exception. It looks like
James Hilton's utopia won't be found in the computer world for a while
Where does Security Penetration Testing Come Into Play?
By sheer numbers, most computer security compromises are caused by Malware
masquerading as something else. Anti-Virus products, such as Grisoft's AVG Anti-Virus (available
for free), help even the most security conscious computer user deal
with the daily Malware assaults.
Internet connected computers and networks are much more directly
exposed to the wiles
of the hacker. Instead of having to use a Trojan
approach to gain control of a computer, the hacker can wiggle the
door knobs & check the windows to see if there's an easy way in.
Any computer or network that is Internet connected should have its
security fully tested via security penetration testing techniques.
What is Security Penetration Testing?
Security penetration testing is where the "Guys with the
White Hats" attempt to break into networks and systems. Hosts and
networks located within the network are scanned and attacked by an
outside White Hat Hacker. Going even further the computers and
networks are attacked from within to help ensure that they are
The test results should be seriously analyzed, and remediations
performed. The cycle of testing and remediation is a never-ending
one. New techniques are used to penetrate computers and networks, new
equipment is added to networks, and old equipment is upgraded -- thus
creating new security exposures.
Who Should Perform Security Penetration Testing?
Frequent host and network security penetration testing should be
performed on a weekly basis, or when there are changes made to the
systems or networks. Regression
tests and overall testing schedules must be performed.
Qualified security experts are hard to come by. R. Craig Peterson of Mainstream Security Services has
been performing Internet security services for more than twenty
years. Experts should have substantial network and security
experience also measured in years or decades.
Companies should always employ external entities to perform security
penetration testing. External resources who specialize in performing
security audits know how to probe to identify security
vulnerabilities, and how to take that information to identify likely
exploits used by the hackers.
Internal resources are unlikely to be willing to attack known weak
points in the company's security, they are likely focusing on a few
areas of security and may be missing important components, and they're
only human. The more security experts a company have working on
security penetration test and audit the more likely potential failures
are to be discovered.
What to Do?
- Run Anti-Virus Software
- Disable Point-to-Point Applications
- Establish Firewalls and Perimeter Defenses
- Have External Professionals Perform Audits