How vulnerable are your computer systems? You may think they’re safe, but the best way to make sure is to test them. That is, you should get a specialist in IT security services to attempt harmless attacks, and see if any get through. If they turn up weaknesses, you have to fix them. This is called penetration testing, or sometimes pen-testing.
Penetration testing is different from vulnerability assessment. A vulnerability assessment locates likely points of weakness but doesn’t try to exploit them. Penetration testing goes further, seeking to access forbidden parts of the system. It could be illegal, except that it’s done with permission. If you hire a penetration tester, you should have a clear agreement on how far they can go, so they can find weaknesses without inflicting damage.
One of the tester’s goals is to see when your system detects an attack. If it catches it early and locks the tester out, that’s a good thing. If the tester can’t even get that far, that’s even better.
Sometimes you’ll give the tester limited authorization to access your system, such as a customer account. The tester will try to do things which that kind of account holder shouldn’t be able to do.
It’s a good idea to run penetration tests periodically. New weaknesses turn up in software, and testers will add them to their repertoire. Your configuration may change, opening up new vulnerabilities. Penetration tests won’t find every problem, but they’ll help to give a sense of whether your system security is strong or weak. If the test finds several problems, it’s likely you have even more.
Penetration testing is just one of the services we offer as part of comprehensive system management. To learn more, please contact us.