These days, many businesses now have their own computer network through which they run many of their operations. It is important that you take as many steps as possible to keep this network secure at all times, so testing it regularly really matters. One common type of network security test is called a penetration test, which is when someone tries to access the network to see if it has any flaws. Firstly, you need to define the parameters of the test so you know what you're dealing with.
The parameters of your test will normally be defined at a planning meeting. For instance, you need to decide whether you want to just test a specific part of your system or the whole network. It's often a good idea not to tell most of your staff about the planned test, but the relevant people will need to be in attendance at this meeting alongside the people you have hired to carry out the penetration test, as they will need to know exactly what you want them to do.
Information gathering is the next part of the process. This is carried out by the penetration testers with the aim of seeing what they can find out about the network you have asked them to test. They might look at sources of information in the public domain, such as to find out what they can about your web host and server information, as this might play a part in their penetration test. They may also see what information is available on your website.
After completing the period of information gathering, it is time to start the penetration test itself. The information the testers have found will often highlight potential vulnerability within your network, so they will often focus on this during the test. Server PCs are a common target that they are likely to look at. One thing you need to be aware of is that some of the actions the testers will be taking is illegal, so bear this in mind when you are putting things into motion.
Following the penetration attempt itself, there will be a period of analysis during which the people who carried out the test will review the information they have found and then report back on it to the company who requested the check. It is important that these findings are followed up on and any problems with the security are fixed as soon as possible because next time, your security might be breached by someone who means harm. Stopping that from happening is vital.
The parameters of your test will normally be defined at a planning meeting. For instance, you need to decide whether you want to just test a specific part of your system or the whole network. It's often a good idea not to tell most of your staff about the planned test, but the relevant people will need to be in attendance at this meeting alongside the people you have hired to carry out the penetration test, as they will need to know exactly what you want them to do.
Information gathering is the next part of the process. This is carried out by the penetration testers with the aim of seeing what they can find out about the network you have asked them to test. They might look at sources of information in the public domain, such as to find out what they can about your web host and server information, as this might play a part in their penetration test. They may also see what information is available on your website.
After completing the period of information gathering, it is time to start the penetration test itself. The information the testers have found will often highlight potential vulnerability within your network, so they will often focus on this during the test. Server PCs are a common target that they are likely to look at. One thing you need to be aware of is that some of the actions the testers will be taking is illegal, so bear this in mind when you are putting things into motion.
Following the penetration attempt itself, there will be a period of analysis during which the people who carried out the test will review the information they have found and then report back on it to the company who requested the check. It is important that these findings are followed up on and any problems with the security are fixed as soon as possible because next time, your security might be breached by someone who means harm. Stopping that from happening is vital.
Sem comentários:
Enviar um comentário