Once the weak points are identified, organisations are better able to address the loopholes and thereby implement a better-structured system that is more resilient against potential hackers or attackers. This is where the penetration testing process and other scanners come into the picture. Penetration testing, occasionally called a pentest, is a process in which the security of an IT infrastructure or a computer system is evaluated by simulating a cyber attack from a known malicious source. In April 1995, Dan Farmer and Wietze Venema released a program called Security Administrator Tool for Analyzing Networks, shortened to SATAN.
Written largely in Perl, it was designed to automate the process of testing systems for security vulnerabilities, and also picked up large amounts of general network information, such as which hosts are connected to subnets, what types of machines they are, etc. (Sommer, 2006, p. 69). Apart from this, there are a number of updatable, commercially available scanners, including vulnerability and port scanners, which can update themselves with the known hardware and software vulnerabilities. That is, these tools also test the system for risks and can even suggest corrective options.
For example, such scanning tools provide technical details of the vulnerability and at the same time give instructions on how to eliminate the vulnerabilities by altering configuration settings (Federal Office for Information Security, 2003).

2.1. Penetration Process

Penetration testing and scanners include a set of processes or protocols, which are devised from the perspective of the attacker and how they will try to intrude into a network with negative intent. These protocols are then applied to a network, and the process of penetration involves analysing the system and finding potential vulnerabilities, which are caused by poor or improper system configuration, known and/or unknown hardware or software flaws, etc. (Godbole, 2009, p. 45). In addition, penetration testing services offered by security consultancies will include checking a business's firewall, looking for weaknesses in its internet gateway or website, etc. (Sommer, 2006, p. 71). After the analysis is done, any security risks found are reported to the owner of the system or organisation, along with an assessment of the risks and, importantly, a mitigation solution or solutions.