Welcome to #WeekendWisdom number 45. This week we’re going to talk about Penetration Testing.
What is penetration testing?
Penetration testing is also known as Pen Testing and there are a couple of different types of it.
There is physical penetration testing where you have companies that send in good people to try and break into a premises or a facility belonging to their client. They might try to exploit things like doors left unlocked or set ajar. Or perhaps tailgating somebody going in from a smoking break, who have been outside and they just follow them back in to the controlled office area. Then when they get inside of physical premises, they might try and get access to a network point somewhere and get onto the company network by that means. So that’s the physical side.
On the digital side, penetration testing would be where they try to break into the network remotely, through the firewall, over the internet and gain access to the systems that way. Or they’ll come in and they’ll connect to the network and then try and scan the network for potential vulnerabilities. Looking for weak or default passwords on devices like routers and cameras and phones and things like that. Where they can then use those passwords to further exploit the network.
What is the output from a penetration test?
So these penetration tests, when they’re completed, the company that does the test will create a report which will give you a critical list of the most important things to fix, with recommendations on how they can be fixed and you can secure your environment from there.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
For small business, we can carry out assessments on your infrastructure and point out obvious physical security issues, however we do not carry out formal penetration testing. We do recommend penetration testing experts who would be able to address your needs.
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.