Penetration testing has been well popularized by the media. Many companies are now offering penetration services to identify vulnerabilities in systems and the surrounding processes. This report will Discuss "Penetration Testing" as a means of strengthening a corporate network's security. This report is divided into three parts. Introduction will give you a brief and basic overview of Penetration Testing and why we need Penetration Testing, The second part is the technical breakdown explains The strategy, model and type of Penetration Testing. In the conclusion, we will discuss both the value and limitation of Penetration Testing.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications.  Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. 
1.1 What is Penetration Testing?
Penetration testing - using tools and processes to scan the network environment for vulnerabilities, [03& T, J.K et al. 2002] there are many different types of vulnerability assessments. Penetration Testing focuses on understanding the vulnerabilities of components that you've made available on the network as seen from the perspective of a skilful and determined attacker who has access to that network. It will provide a thorough overview of the state of the organisation's technical security by simulating an expert attack, helps refine an enterprise's security policy, identify vulnerabilities, and ensure that the security implementation actually provides the protection that the enterprise requires and expects. A good Penetration Testing also providing an easy to understand report with corrective actions and follow up recommendations. Regularly performing penetration tests helps enterprises uncover network security weaknesses that can lead to data or equipment being compromised or destroyed by exploits.
It is important to point out that a penetration test cannot be expected to identify all possible security vulnerabilities, nor does it offer any guarantee that a company's information is secure. Penetration testing is typically conducted at a point in time. New technology, new hacker tools and changes to a company's information system can create exposures not anticipated during the penetration testing. In addition, penetration testing is normally completed with finite resources, focused on a particular area, over a finite period of time. Hackers determined to break into a company's information systems are often not bound by similar constraints.
1.2 Why Penetration Testing
By simulating the actions that a hacker might perform, and company can gain valuable insights into the effectiveness of the security controls in place over its information systems. Penetration testing can identify vulnerabilities that unauthorized users could exploit. It can also identify more pervasive gaps and deficiencies in the...
Please join StudyMode to read the full document