Another Day Another Hack
Every day in the news, you hear about a company trying to pick up the pieces after a data breach. For example, last month, Capital One went through a major data breach. An unauthorized user was able to find a way into its systems and access sensitive customer information.
Many ask, how does this happen? Is the hacker just that good that they can bypass any and all security measures? Or, is it the company’s fault for not implementing proper security protocols?
All in all, such data breaches and attacks are due to all of the above and more.
The next question that is often asked is how companies, from large to small, can prevent this from happening.
This is where penetration testing comes in. In this article, we’re going to break down penetration testing. Let’s get started.
Cyber Protection Group – A Penetration Testing Company
If you couldn’t guess by the title of the site you are currently on, not only is CPG a source for cyber news, but we are also a penetration testing company.
Further, I figured it was about time to create an article that breaks down what we do!
What is Penetration Testing?
To begin, the definition of penetration testing or pen testing is, “the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit”.
Pen testing is also dubbed “ethical hacking”. To put it simply, pen testing is a way to test computer systems in the same way a hacker would, but as a proactive measure, in order to see what the problem areas are and correct them. This helps to protect against outside threats by fixing the vulnerabilities before attackers can exploit them.
The bottom line is, pen testers find vulnerabilities before the bad guys do.
Types of Penetration Tests
To continue, two main types of penetration tests exist: internal and external pen tests. While several other types exist, like web application testing, in this article we will focus on the main two.
External Penetration Tests
First, we will be taking a look at external penetration tests. An external pen test is also known as an unauthenticated test. This is due to the fact that whoever is performing the test does not have login credentials. Further, the only information that they are able to use is what is publicly available online.
So, to execute the test, an ethical hacker will attempt to access an internal network from the outside. They may discover a vulnerability that they can leverage in order to gain access to an internal system.
This situation is a prime example of why it is so important for companies to have pen testing performed. If a pen tester finds the vulnerability that could allow an unauthorized user into internal networks, it can be mitigated.
If a malicious user finds it and a company doesn’t know about it, this could lead to major problems. The possibilities range from data breaches to ransomware.
But the beauty of pen testing is that all of those issues could, for the most part, be proactively prevented.
Internal Penetration Tests
Continuing on, the other popular form of penetration testing is internal pen tests. This test is the opposite of an external test. This means that the pen tester will be given login credentials to see what they can do inside a network or system.
While this type of testing has the same goal as an external test (to get to an internal network), the execution is slightly different. With an internal test, the tester will see what damage they can do on the inside. When an attacker is on the inside, they have endless possibilities for an attack.
A few examples include a malicious user propagating through a company network and accessing servers, devices and even client/employee information. Once accessed, this information can also be encrypted with ransomware or even deleted permanently.
With pen testing, professionals can identify these possible issues and recommend proper mitigation techniques. The solution here would be internal security protocols like intrusion detection and data backups.
Why Penetration Testing Is Important
All in all, penetration testing can prevent a plethora of security issues for a company large or small. This is a type of proactive security. For example, a company like Cyber Protection Group can try to hack or even work from the inside of a system to find vulnerabilities before the bad guys do.
In this day and age, with ever-evolving technology, criminals evolve as well. External and internal penetration testing is a great way to protect your business, employees and customers.
If you are a company or individual looking for penetration testing services, CPG offers a wide range of testing and vulnerability assessments. CPG is located in Central Pennsylvania, and this location allows our company to be extremely competitive with pricing, as well as personable and great to work with.
Check out our penetration testing page for more information on our services.
By Taylor Ritchey