How a Penetration Test Plays Out - SRS Networks Blog | Salinas, CA | SRS

Home

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Support

SRS Networks Blog

How a Penetration Test Plays Out

How a Penetration Test Plays Out

Wouldn’t it be nice to know how much risk your business was under, in terms of vulnerabilities and potential exploits? Believe it or not, this is entirely possible, through a process known as penetration testing. Commonly referred to as “pen testing,” this simple measure can provide a business with some very valuable insight into their security preparations.

How is a Pen Test Carried Out?

A pen test is carried out more or less exactly like any cyberattack would be. Using the same tools as the cybercriminals do, a sanctioned professional is set loose on a computing system to try and crack it as a cybercriminal would. Like any cybercriminal, the pen tester follows a basic process:

  1. Scoping – The professional and their client come to an agreement regarding the evaluation, and a non-disclosure agreement is signed.
  2. Information Gathering – The professional starts to collect any data they can on the company and its technology to help identify vulnerabilities. A shocking amount of this data is publicly available.
  3. Probing – The professional first approaches the network they are targeting, sending probes to collect any information they can. This information helps them decide which attacks are most likely to take root.
  4. Attack – Once their strategy is compiled, the professional attempts to actively penetrate the targeted system. Of course, their data collection activities continue throughout the process. This does not inherently mean that all identified vulnerabilities will be targeted.
  5. Camping – If the professional successfully gets into the system, their job is to then remain there for some time. They’ll install software that allows them to get back in when needed, even if a network administrator makes changes or reboots the system.
  6. Clean-Up – Once the professional has the data they need for their report, they remove the software they installed and effectively undo everything they did, leaving the system as it was when they first attacked.

At this point, the professional submits their report to the client, prioritizing all identified vulnerabilities by severity. This report should serve as the blueprint for the security improvements that should be implemented. Oftentimes, the professional will attempt another breach after the improvements have been put in place.

Why is Pen Testing Important?

Hopefully, this much is obvious at this point. Without an objective pen test, your only way to evaluate your security’s practical effectiveness is through a legitimate threat.

That certainly wouldn’t be the time to discover that your network is vulnerable, would it?

No, it’s better to have these threats identified in a controlled environment. SRS Networks is here to help you shore up any vulnerabilities that may be identified. Give us a call at (831) 758-3636 to learn more about what it takes to secure your business without sacrificing productivity.

Tip of the Week: 3 Ways to Make Online Meetings Mo...
Keys to Warding off 2020’s Cyberthreats
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, October 27, 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.srsnetworks.net/

Latest Blog

The Federal Communications Commission has begun to target social media companies in what seems to be part of an overtly political act by the White House ahead of November’s elections. Today, we will take a look at Section 230, how it curren...

Contact Us

Learn more about what SRS Networks
can do for your business.

(831) 758-3636

SRS Networks
845 West Market Street, Bldg P
Salinas, California 93901

Account Login