Penetration testing
What is penetration testing and why should you do it?
This is also known as pen testing. Penetration testing is performing a cyberattack simulation which we can launch in a controlled environment on your computer system/network.
It also helps us to discover points and weaknesses within your current system where it could potentially be exploited and breached.
We recommend doing a pen test at least once a month as technologies is constantly advancing and new viruses/cyber-attacks are on a constant rise.
By performing a pen test, it will challenge your networks security showing us exactly what areas are wide open for a potential cyberattack whilst not harming your current network system. We can help determine after a pen test, how we can make improve and try strengthening your current network system.
Prior to us conducting a pen test, we will carry out an audit to ascertain two separate lists. One is an excluded activities list plus one which will be an excluded devices list.
There are several types of penetration testing we can carry out such as;
Network Infrastructure
This is the most common and widely performed pen test. It primarily focuses on the internal infrastructure. This test is quite complex as it will test a business’s segmentation policy. In an external test, the pen testing will focus on the perimeter protection such as bypassing firewalls.
Web Application
This type of pen testing is vital for a business and might include issues such as SQL injection, cross-site scripting, weak cryptography, and insecure authentication. As businesses are now using more and more web applications where some are publicly available, this poses a higher risk for an external attack.
Wireless
Testing method used to identify and exploit insecure wireless network configurations. It will also identify weak authentications. If you are a business that has a lot of mobile devices, but you aren’t sure if they are secure, this is a great way to find out if the mobile devices that are connecting to the networks are secure.
Social Engineering
This is used to simulate social engineering attacks such as phishing, baiting and pretexting. This testing is used to try and manipulate employees and tricking them into clicking on links. This kind of testing can help reveal how likely it is your employees could make small mistakes into making the internal part of the business vulnerable.
If you are unsure as to which penetration test option is best suited for your business, please contact us via enquiries@cts-group.co.uk where we can help put your mind at rest. Our friendly, specialised and experienced IT Technicians are on hand to put your mind at rest.
Leave a Reply
Want to join the discussion?Feel free to contribute!