Security Penetration Testing -- Should You Do It?

Why Computer Security Testing?

The causes of computer security vulnerabilities start with poor programming and end with poor computer user practices. Even the most security aware computer user can't keep a poorly designed system secure, and the best designed security software can't keep a user from exposing a whole network of computers to intrusion.

According to the International Computer Security Association 70 percent of sites with certified commercial Firewalls are still vulnerable to attack due to mis-configuration or improper deployment. On average companies were experiencing 30 attacks each week in the second half of 2002, and that number has increased in 2003.

Can the Shangra-la of computer security exist? In today's world we are using software that was designed with little thought to security, and well trained computer users are the exception. It looks like James Hilton's utopia won't be found in the computer world for a while yet.

Where does Security Penetration Testing Come Into Play?

By sheer numbers, most computer security compromises are caused by Malware masquerading as something else. Anti-Virus products, such as Grisoft's AVG Anti-Virus (available for free), help even the most security conscious computer user deal with the daily Malware assaults.

Internet connected computers and networks are much more directly exposed to the wiles of the hacker. Instead of having to use a Trojan approach to gain control of a computer, the hacker can wiggle the door knobs & check the windows to see if there's an easy way in.

Any computer or network that is Internet connected should have its security fully tested via security penetration testing techniques.

What is Security Penetration Testing?

Security penetration testing is where the "Guys with the White Hats" attempt to break into networks and systems. Hosts and networks located within the network are scanned and attacked by an outside White Hat Hacker. Going even further the computers and networks are attacked from within to help ensure that they are properly secured.

The test results should be seriously analyzed, and remediations performed. The cycle of testing and remediation is a never-ending one. New techniques are used to penetrate computers and networks, new equipment is added to networks, and old equipment is upgraded -- thus creating new security exposures.

Who Should Perform Security Penetration Testing?

Frequent host and network security penetration testing should be performed on a weekly basis, or when there are changes made to the systems or networks. Regression tests and overall testing schedules must be performed.

Qualified security experts are hard to come by. R. Craig Peterson of Mainstream Security Services has been performing Internet security services for more than twenty years. Experts should have substantial network and security experience also measured in years or decades.

Companies should always employ external entities to perform security penetration testing. External resources who specialize in performing security audits know how to probe to identify security vulnerabilities, and how to take that information to identify likely exploits used by the hackers.

Internal resources are unlikely to be willing to attack known weak points in the company's security, they are likely focusing on a few areas of security and may be missing important components, and they're only human. The more security experts a company have working on security penetration test and audit the more likely potential failures are to be discovered.

What to Do?

  • Run Anti-Virus Software
  • Disable Point-to-Point Applications
  • Establish Firewalls and Perimeter Defenses
  • Have External Professionals Perform Audits
  • Repeat

Also Review

View Responses (384) Post Response

Copyright 2003-2004 DGKL, Inc.

For information on reproducting articles on this site, visit http://www.esecurityguy.com/reproduction