Penetration testing is designed to test the security of the network and identify weaknesses. Penetration is often used as a key element of a wider cyber security audit. Many types of Pen test can be deployed depending on the goals of the test; external, internal, targeted or blank sheet are some of the regularly used techniques.
Greenlight Computers Pen Testing
Pen tests can be completed with software automated applications or they can be manually delivered. In both instances, the process includes gathering information about the target pre- test, identifying possible entry points, attempting to break into the network and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
5 Common Penetration Test options
- Blank Sheet – Where the friendly hacker is given no information and endeavours to gain access & document the weaknesses they utilised.
- External – This type of pen test targets a company’s externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they’ve gained access.
- Internal – This test simulates an inside attack behind the firewall by an authorized user. This kind of test is useful for estimating how much damage a disgruntled employee could cause.
- Targeted – Can focus in on a specific service or part of the network e.g. protection against GDPR breach. This will often be performed in conjunction with internal users.
- 3rd Party – Will investigate how well protected your data is in a collaborative context, investigating both the company and the 3rd parties networks.
Greenlight Computers works with selected specialist partners to complete penetration tests, typically employing Pen Testers who have limited or no previous experience of the client. This methodology ensures that regular technical staff have no way of influencing the outcome based on pre-conceived understanding.
We would generally recommend that a business with sensitive data considers an annual pen test as part of their overall cyber security governance calendar.
If you think the Greenlight team can assist with your cyber security governance, please contact us.