A penetration testing is ongoing process of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Types Of Penetration Testing
Penetration testing service is divided into two types.
External Penetration testing :
- External Penetration testing
- Internal Penetration testing
An External Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed to the outside world. An External Penetration Test mimics the actions of an actual attacker exploiting weaknesses in the network security without the usual dangers. This test examines external IT systems for any weakness that could be used by an external attacker to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organisation to address each weakness.
External Penetration Test follows best practice in penetration testing methodologies which includes:
Internal penetration testing :
- Public Information & Information Leakage.
- DNS Analysis & DNS Bruteforcing.
- Port Scanning.
- System Fingerprinting.
- Services Probing.
- Exploit Research.
- Manual Vulnerability Testing and Verification of Identified Vulnerabilities.
- Intrusion Detection/Prevention System Testing.
- Password Strength Testing.
Internal penetration testing provides protection from internal threats and ensures that internal user privileges cannot be misused.Too often organisations rely on the first line of defence to prevent compromise. A successful attack may occur through a valid communication channel, as a result of human error or a software defect in the perimeter. At this point, the security level of each system adjacent to the compromised host will determine the degree to which the attacker can further penetrate the infrastructure. It is therefore recommended that testing be performed on critical systems in the DMZ or on the internal network using black box techniques. Testing of the corporate user network may also identify the impact of poor access controls, and help to mitigate the impact of a malicious or disgruntled employee.
DELIVERANCES BY MSS :
- International Training Certificate
- Project Certificate.
- Study Materials.
- DVD - Containing Hacking Tools / Hacking OS.
- Video Membership.
- Life Time membership Card.
- Unlimited Training For 1 Year for Any Course.
- 24 x 7 Wi Fi Enabled Lab Facility.
- Practical Implementation by having hands on experience on live demo and project.
- Training Conduct by Zero Day Exploit Writer faculty.