These tests often require the use of hacking tools. The
tools carry out different types of attacks, which allow the team to see how the perimeter
devices will react in certain circumstances.
Nothing should be trusted until it is tested. In an amazing number of cases, a company
seemingly does everything correctly when it comes to their infrastructure security.
They implement policies and procedures, roll out firewalls, IDSs, and antivirus software,
have all of their employees attend security awareness training, and continually patch
their systems. It is unfortunate that these companies put forth all the right effort and
funds only to end up on CNN as the latest victim who had all of their customers??™ credit
card numbers stolen and posted on the Internet. This can happen because they did not
carry out the necessary vulnerability and penetration tests.
Every company should decide whether their internal employees will learn and maintain
their skills in vulnerability and penetration testing, or if an outside consulting service
will be used, and then ensure that testing is carried out in a continual scheduled
manner.
References
Tools www.hackingexposed.com/tools/tools.html
Top 100 Network Security Tools for 2006 http://netsecurity.
Pages:
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75