What is Pen Testing?

How Pen Testing Works

How do I perform penetration testing?

Penetration testing challenges a network's security. Given the value of a business’s network, it is imperative that businesses consult with experts before pen testing. Experts can ensure that testing does not damage the network, and they can also provide better insights into vulnerabilities. Pen testing experts can help businesses before, during, and after the tests to help obtain useful and beneficial results.

Is pen testing the same as a vulnerability assessment?

Pen testing and vulnerability assessments are not the same. A vulnerability assessment is primarily a scan and evaluation of security. But a pen test simulates a cyberattack and exploits discovered vulnerabilities.

Can a penetration test destroy my network?

Network integrity is the number one concern for businesses considering pen testing. Responsible penetration testing teams will have multiple safety measures in place to limit any impacts to the network.

Prior to a pen test, the business works with testers to create two lists: an excluded activities list and an excluded devices list. Excluded activities may include tactics like denial-of-service (DoS) attacks. A DoS attack can completely obliterate a network, so the business may want to guarantee it will not be done on a pen test.

What is ethical hacking?

Ethical hacking is synonymous with penetration testing in a business context. Basically, in pen testing an organization is ethically hacked to discover security issues. Some people refer to hacking efforts by rogue individuals for political reasons as ethical hacking, or hacktivism. But any unauthorized hacking efforts are malicious and illegal. Penetration testing includes consent between the business and the tester.

Learn how Cisco can help with pen testing

Types of penetration testing

Network infrastructure

An attack on a business’s network infrastructure is the most common type of pen test. It can focus on internal infrastructure, like evading a next-generation intrusion prevention system (NGIPS), or the test can focus on the network’s external infrastructure, like bypassing poorly configured external firewalls.

In an internal test, businesses may be focused on testing their segmentation policies, so an attacker focuses on lateral movement in the system. In an external test, the attacker focuses on perimeter protection, like bypassing a next-generation firewall (NGFW).

Network attacks may include circumventing endpoint protection systems, intercepting network traffic, testing routers, stealing credentials, exploiting network services, discovering legacy devices and third-party appliances, and more.

Web application

True to its name, this test focuses on all web applications. While web applications may have some overlap with network services, a web application test is much more detailed, intense, and time consuming.

Businesses use more web applications than ever, and many of them are complex and publicly available. As a result, most of the external attack surface is composed of web applications. Some web applications are vulnerable on the server side, and some are vulnerable on the client side. Either way, web applications increase the attack surface for IT departments.

Despite their cost and length, web application tests are crucial to a business. Web application issues may include SQL injection, cross-site scripting, insecure authentication, and weak cryptography.

Wireless

A wireless test looks for vulnerabilities in wireless networks. A wireless pen test identifies and exploits insecure wireless network configurations and weak authentication. Vulnerable protocols and weak configurations may allow users to gain access to a wired network from outside the building.

Additionally, businesses are using more mobile devices than ever but struggle to secure them. A wireless pen test will try to exploit corporate employees that use their devices on insecure, open guest networks.

Social engineering

Social engineering tests simulate common social engineering attacks such as phishing, baiting, and pretexting. These attacks aim to manipulate employees into clicking a link or taking an action that compromises the business network. Often, clicking the link authorizes access, downloads malware, or reveals credentials.

A social engineering test can reveal how susceptible a business’s employees are to these attacks. Small employee mistakes can grant adversaries their initial access to the business’s internal network.

Physical

Finally, businesses can do a physical pen test that focuses on the physical security of their organization. During these tests, an attacker attempts to gain building access or find discarded papers or credentials that can be used to compromise security. Once inside the building, an attacker may attempt to gather information by eavesdropping or hiding rogue devices in offices to give remote access to the business’s internal network.

While IT typically focuses on digital security, tools for network protection can be useless if the business allows building access or reveals information to outsiders. For example, an employee may let someone into the building or offer a Wi-Fi password without checking to see if the person requesting access is an employee.