Penetration Testing

Network security is becoming more and more crucial as the volume of data exchanged on the Internet increases. When people use the Internet, they have certain expectations: confidentiality, data integrity, and authentication (the CIA standards). In the 1980s most organizations had only a physical boundary to protect in order to safeguard their assets. Today, because of changes in the way resources are made available, organizations are forced to verify that their assets are protected from both the external and internal threats that our working environment has enabled. Because of our society’s increasing dependency on networked information systems, the overall security of these systems should be measured and improved. The most accurate method of evaluating an organization’s information security stance is to observe how it stands up against an attack.

Network administrators have often tried their best to improve their network security; however, with the rapid emergence of new exploits, the best way of ensuring that a system is secure is to attempt penetration testing. This is the most effective way to find exploits and to prove whether a system is vulnerable. Penetration testing often allows the security analyst to find new vulnerabilities.

“Penetration Testing is the process of validating that the securities of our assets in our entire environment meet the CIA standard as specified by the company.” It is a form of stress testing that exposes weaknesses or flaws in a computer system. It is more the art of finding an open door through which an attack is possible.

Penetration testing is a testing technique for discovering, understanding, and documenting all the security holes that can be found in a system. It is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy. It is a test that evaluates the strength of all possible security holes and provides suggestions for fixing them. This testing typically includes network penetration testing and application security testing, as well as the controls and processes around the networks, and it should be carried out both from outside the network trying to come in (external testing) and from inside the network (internal testing).