• Latest

Making Penetration Testing Work

31 October, 2008
China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

19 December, 2020
Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

18 December, 2020
TEMSA: Bus exports to be delivered to the heart of the European Union

TEMSA: Bus exports to be delivered to the heart of the European Union

18 December, 2020
EU tries to reshape the rules of the Internet

EU tries to reshape the rules of the Internet

17 December, 2020
Matterport Brings 3D Capture to the iPhone

Matterport Brings 3D Capture to the iPhone

5 May, 2020
NASA Administrator Statement on Agency Coronavirus Status

NASA Administrator Statement on Agency Coronavirus Status

15 March, 2020
Technology Supports Social Distancing in age of Covid-19

Technology Supports Social Distancing in age of Covid-19

15 March, 2020
Second Staff Exchange Between EU CyberSecurity Organizations

Second Staff Exchange Between EU CyberSecurity Organizations

19 February, 2020
Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

16 February, 2020
Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

6 February, 2020
Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

31 January, 2020
Turkish Competition Authority’s Android Decision

Turkish Competition Authority’s Android Decision

18 December, 2019
  • About Us
  • Contact Us
  • Homepage
  • Latest News
  • News Widget
  • Privacy Policy
Friday, July 1, 2022
Social icon element need JNews Essential plugin to be activated.
  • Login
  • Register
Globaltelconews
Advertisement
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
Globaltelconews
No Result
View All Result

Making Penetration Testing Work

globaltelconews-admin by globaltelconews-admin
31 October, 2008
in English
0

UK Government released its final report on Data Handling Procedures in Government on 25 June 2008. One of key recommendations was the introduction of ‘new rules on the use of protective measures, such as encryption and penetration testing of systems’.

The UK penetration testing market has grown greatly in recent years, with a number of organisations in the industry offering a wide range of services differing widely in terms of the benefits, cost and quality of the service. But just how far can penetration testing help reduce failings in information security?

This article offers some thoughts on what considerations should be taken to ensure organisations take a comprehensive and responsible approach to penetration testing.

Defining the Scope of a Test

There are many factors that influence the requirement for the penetration testing of a service or facility, and many variables contribute to the outcome of a test. It is first important to obtain a balanced view of the risk, value and justification of the penetration testing process; the requirement for testing may be as a result of a code of connection requirement (CoCo) or as a result of an independent risk assessment.

Another important consideration is that the results of penetration testing are aimed toward providing an independent, unbiased view of the security stance and posture of the systems being tested; the outcome, therefore, should be an objective and useful input into the security procedures.

The testing process should not be seen as either obstructive or attempting to identify security shortfalls in order to lay blame or fault on the teams responsible for designing, building or maintaining the systems in question. An open and informative test will require the assistance and co-operation of many people beyond those actually involved in the commissioning of the penetration test.

A properly executed penetration test provides customers with evidence of any vulnerabilities and the extent to which it may be possible to gain access too or disclose information assets from the boundary of the system. They also provide a baseline for remedial action in order to enhance the information protection strategy.

One of the initial steps to be considered during the scoping requirements phase is to determine the rules of engagement and the operating method to be used by the penetration testing team, in order to satisfy the technical requirement and business objectives of the test. A penetration test can be part of a full security assessment but is often performed as an independent function.

Penetration Testing Mechanics

The mechanics of the penetration testing process involves an active analysis of the system for any potential vulnerabilities that may result from improper system configuration, known hardware or software flaws, or from operational weaknesses in process or technical operation. Any security issues that are found during a penetration test should be documented together with an assessment of the impact and a recommendation for either a technical solution or risk mitigation.

A penetration test simulates a hostile attack against a customer’s systems in order to identify specific vulnerabilities and to expose methods that may be implemented to gain access to a system. Any identified vulnerabilities discovered and abused by a malicious individual, whether they are an internal or external threat, could pose a risk to the integrity of the system.

Experienced security consultants who are tasked with completing penetration tests attempt to gain access to information assets and resources by leveraging any vulnerabilities in systems from either an internal or external perspective, depending on the requirements of the tests and the operating environment.

In order to provide a level of assurance to the customer that the penetration test has been performed effectively, the following guidelines should be considered to form the baseline for a comprehensive security assessment. The penetration test should be conducted thoroughly and include all necessary channels. It is important that the posture of the test complies with any applicable government regulation and policy, and the results should be measurable against the scoped requirements. The report should contain results that are consistent and repeatable, and the results should only contain facts derived from the testing process.

It should always be appreciated that there is an element of risk associated with the penetration testing activity, especially to systems tested in a live environment. Although this risk is mitigated by the use of experienced professional penetration testers, it can never be fully eliminated.

There are many types of penetration testing covering areas such as networks, communication services and applications. The fundamental processes involved in a penetration test can be broken down as scanning, vulnerability identification, attempted exploitation and reporting. The degree to which these processes are performed, is dependent on the scoping and requirements of the individual test, along with the time assigned to the testing process and reporting phases.

The tools and techniques used when performing a penetration test are dependent on the type of test required and the timescales associated with performing the test. Using a mix of automated assessment tools for vulnerability scanning and mapping, in combination with hands-on manual testing, a knowledge-focussed methodology provides customers with a best-of-breed testing service that will identify risks and issues obtained from potentially non-obvious vectors and attack paths.

Penetration Testing Assurance

An initial penetration test is essential to establishing an unbiased view of an organisation’s security stance. However, performing regular penetration testing is an integral factor in ensuring that a system is maintained at a high level of security in line with corporate requirements. Regular testing provides the management team with a constant view of the security of their systems and provides the technical team with tailored advice to assist in improving the effectiveness of the overall security and protection of the systems under their control.

Regular penetration testing should account for new trends in attack techniques and tools. An unbiased penetration test can assist customers in focusing their security resources where they are needed most.

Previous Post

New survey shows that 70% of UK businesses are not monitoring customer satisfaction effectively

Next Post

NBC Universal set to launch ‘Universal’ branded mobile portal in Japan

Next Post

NBC Universal set to launch ‘Universal’ branded mobile portal in Japan

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Navigation

  • Authors
  • Author Login
  • Author Application
  • Advertisement
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Sitemap
Social icon element need JNews Essential plugin to be activated.

© 2018 Globaltelconews.com

No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy

© 2018 Globaltelconews.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In