How to do a Penetration Test in 5 steps.
If you want to fully protect a fortress, you had better do more than deploy a bunch of soldiers to man the walls. Defending the perimeter is important, of course. However, simulating the tactics of the enemy by trying to break through the weakest defenses should drive your comprehensive strategy.
In IT security, we call such a move penetration testing (or pen testing). Its value for protecting cyber perimeters was influenced by military strategy, and it’s been well-tested since the very first time-sharing computer systems came online in the 1960s.
By the late ’60s, the ability to share computing resources – innovative as that was – had created a real security concern. Some of the best minds of the time (computer specialists, as well as members of the National Security Agency and the Department of Defense) started talking about how they’d be able to fight off “penetration” of these shared computers. They soon came up with the first penetration testing plans, carried out by “tiger teams,” whose job was to crack security weaknesses.
Modern penetration testing
Today, penetration testing is an essential part of IT security. A simulated attack on systems or an entire IT infrastructure, the pen test exposes the weaknesses in your core attack vectors: operating systems, network devices and application software. The idea is to break through the fortress, so you can see where you need to rebuild stronger.
This practice has never been more important than it is today. The threat landscape is constantly changing. With DDoS attacks, phishing, ransomware and countless other tactics used by increasingly sophisticated cyber criminals, the best defense starts with knowing your weaknesses.
This, too, stems from military strategy. In the fifth century, Sun Tzu wrote in his “Art of War” manual, “If ignorant of your enemy and yourself, you are certain to be in peril.” Pen testing erases ignorance, particularly around this critical question:
Will my security controls hold against an active, skilled attacker?
Maintaining IT security requires constant vigilance. Ethical hackers with pen testing missions must be part of that effort. Set them on regular missions to stay ahead of new vulnerabilities and fortify your IT security.