BNMC Blog

How a Penetration Test Plays Out

How a Penetration Test Plays Out

Wouldn’t it be nice to know how much risk your business was under, in terms of vulnerabilities and potential exploits? Believe it or not, this is entirely possible, through a process known as penetration testing. Commonly referred to as “pen testing,” this simple measure can provide a business with some very valuable insight into their security preparations.

How is a Pen Test Carried Out?

A pen test is carried out more or less exactly like any cyberattack would be. Using the same tools as the cybercriminals do, a sanctioned professional is set loose on a computing system to try and crack it as a cybercriminal would. Like any cybercriminal, the pen tester follows a basic process:

  1. Scoping – The professional and their client come to an agreement regarding the evaluation, and a non-disclosure agreement is signed.
  2. Information Gathering – The professional starts to collect any data they can on the company and its technology to help identify vulnerabilities. A shocking amount of this data is publicly available.
  3. Probing – The professional first approaches the network they are targeting, sending probes to collect any information they can. This information helps them decide which attacks are most likely to take root.
  4. Attack – Once their strategy is compiled, the professional attempts to actively penetrate the targeted system. Of course, their data collection activities continue throughout the process. This does not inherently mean that all identified vulnerabilities will be targeted.
  5. Camping – If the professional successfully gets into the system, their job is to then remain there for some time. They’ll install software that allows them to get back in when needed, even if a network administrator makes changes or reboots the system.
  6. Clean-Up – Once the professional has the data they need for their report, they remove the software they installed and effectively undo everything they did, leaving the system as it was when they first attacked.

At this point, the professional submits their report to the client, prioritizing all identified vulnerabilities by severity. This report should serve as the blueprint for the security improvements that should be implemented. Oftentimes, the professional will attempt another breach after the improvements have been put in place.

Why is Pen Testing Important?

Hopefully, this much is obvious at this point. Without an objective pen test, your only way to evaluate your security’s practical effectiveness is through a legitimate threat.

That certainly wouldn’t be the time to discover that your network is vulnerable, would it?

No, it’s better to have these threats identified in a controlled environment. BNMC is here to help you shore up any vulnerabilities that may be identified. Give us a call at 978-482-2020 to learn more about what it takes to secure your business without sacrificing productivity.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, October 29 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.bnmc.net/

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Productivity Business Computing Privacy User Tips Email Cloud Network Security Microsoft Efficiency Hackers Hosted Solutions Business Software Computer Data Workplace Tips Malware Hardware Communication IT Services Google Small Business IT Support Cloud Computing Mobile Devices Smartphone Internet Android Mobile Device Tech Term Data Recovery Managed IT Services Users Backup Phishing Innovation Ransomware Windows Outsourced IT VoIP Saving Money Information Upgrade Smartphones Facebook Social Media Windows 10 Miscellaneous Disaster Recovery communications Data Backup Microsoft Office Server Network Browser Cybersecurity Business Continuity Business Management Office 365 Quick Tips Passwords Managed IT Services Productivity Internet of Things Data Management Windows 10 Remote Monitoring Gadgets Managed Service App Apps Analytics COVID-19 Word Gmail Vulnerability Chrome Managed Service Provider Mobile Office Money Conferencing Save Money Infrastructure Encryption Collaboration Government Artificial Intelligence Remote Work Settings Networking Router BYOD VPN Access Control Employer-Employee Relationship IT Support Company Culture Spam Paperless Office Information Technology Google Drive Remote Workers Website Virtual Reality Tip of the week Applications Hacker Data storage Display IT Management Data Security Business Technology Employee-Employer Relationship Virtual Private Network Operating System WiFi YouTube Robot Risk Management Automation Content Filtering Unified Threat Management Office Tips Bandwidth Development Apple HIPAA Avoiding Downtime Education Firewall Storage Maintenance Big Data BDR Antivirus Computers Document Management Marketing Search Solid State Drive Retail Compliance Alert Business Intelligence iOS Wireless Training Outlook Hard Disk Drive Regulations Server Management Computing Bring Your Own Device Monitors Touchscreen Managed Services Vendor Management LiFi Augmented Reality Chromebook Social MSP Managed IT How To Humor Managing Stress Tablet Hosted Solution OneNote Best Practice Administration Mouse End of Support Data loss Data Breach Windows 7 IT Telephone Systems desktop Laptop Remote Computing Software as a Service Two-factor Authentication Going Green Social Network The Internet of Things Managed IT Service SaaS Customer Relationship Management Scam Printing Mobile Security Wi-Fi Break Fix Virtualization Password Downtime Holiday Drones Payment Card File Sharing Dark Data Cooperation Update Service Level Agreement Streaming Processor Windows 8 Computer Care IBM Voice over Internet Protocol Employee-Employer Relationships Black Friday Unified Communications Internet Exlporer Troubleshooting Emergency Business Analysis PCI DSS Servers Google Calendar Hybrid Cloud Logistics Hotspot Spying National Security Dark Web Deep Learning IT Technicians Optimization Network Management Security Cameras Profiles Mobile Device Management Identity Theft Connectivity Politics Inventory Customer Service Staff Leominster Human Error Memory Corporate Profile Modem Work/Life Balance FinTech Analysis Students Cyber Monday Language Health Value Private Cloud Virus Alt Codes Battery G Suite Halloween Office Samsung Scalability Legislation Asset Management Automobile Updates Microsoft Excel Peripheral Dell Mirgation Recycling SharePoint Utility Computing IoT Tech Support Budget Shadow IT Cabling K-12 Schools Device Techology Reducing Cost WannaCry Cookies Mixed Reality Smart Technology Computing Infrastructure Professional Services LED Lenovo Threats Typing Files Scary Stories Social Engineering Social Networking Statistics Migration Consulting Memes Google Maps PowerPoint Mail Merge Blockchain Management Running Cable Chatbots Twitter eWaste Laptops Downloads Current Events Star Wars Websites Gamification Wearable Technology Network upgrade VoIP Mobility Unified Threat Management Batteries Buisness Nanotechnology Shortcut Distributed Denial of Service Alerts Virtual Desktop USB Firefox Co-Managed IT Superfish Cryptocurrency RMM Sports Safety Motherboard Cables Bluetooth Comparison Onboarding Address GDPR Permissions Google Docs Policy Identity Continuity Managed Services Provider IT solutions Digital Payment Fraud Cost Management Meetings Disaster Network Congestion Smart Office Print Toner User Error Myths Hacks Digital Screen Reader Charging Slack Patch Management Hard Disk Drives Holidays Licensing Dongle Content Huawei Bitcoin Banking Wires Messaging Specifications Google Wallet Digital Signage Data Warehouse Business Growth Procedure Writing Solar Heating/Cooling Entertainment Multi-Factor Security Vendor Distribution Assessment Solid State Drives Legal Uninterrupted Power Supply Cybercrime Work Time Management Shortcuts Printer Mobile Management Spyware Smart Tech Monitoring Reviews Relocation Error Computer Repair Point of Sale Ben McDonald shares Mobile Data Travel Recovery How To Printers Black Market Mobile Computing Supercomputer CrashOverride Motion Sickness Staffing Law Enforcement Electronic Medical Records Taxes Notifications Administrator Web Server what was your? IT Budget Physical Security Emoji GPS Upgrades Gadget Financial IT Consultant Crowdsourcing Cameras Personal Information Botnet Cortana Tracking 3D Printing Cleaning CCTV Processors Machine Learning Webcam Unsupported Software Regulation

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3