What is a penetration test (pen test)?

Penetration tests (often shortened to pen tests) show how vulnerable your network is to a real attack, including the individual systems within it and specific applications. This article explains how such tests are conducted and what they mean for a network that is already in production.

What is penetration testing?

In IT, a penetration test is a planned, authorised attack on a network of any size, or on individual computers, with the aim of uncovering exploitable vulnerabilities. To achieve this, the testers use various tools to simulate attack patterns modelled on the methods real attackers use. Typical components that undergo a pen test are:

  • Network interconnection devices such as routers, switches and gateways
  • Security gateways such as software and hardware firewalls, packet filters, virus scanners, IDS and IPS, as well as load balancers and other perimeter devices
  • Servers such as web servers, database servers, file servers etc.
  • Telecommunication systems
  • All types of web applications
  • Infrastructure installations e.g. control access mechanisms
  • Wireless networks that are part of the system such as WiFi or Bluetooth

Tests are normally classified as black box, white box or grey box. In black box testing, the penetration testers are given nothing more than the addresses of the target network or systems, so they have to start with reconnaissance, as an outside attacker would. In white box testing, the testers have extensive knowledge of the systems under test: in addition to the IP addresses, they receive information about the software and hardware components in use, and often configurations, source code and credentials as well. Grey box testing, the most common form, combines the two approaches: basic information about the IT infrastructure is made available, such as what the systems are used for and their general makeup, often together with a low-privileged user account.

What do I need for a pen test?

How can you create a custom penetration test for your own network? Below you’ll find essential information about what you need to consider when conducting a penetration test.

How can I prepare for a pen test?

To successfully conduct a pen test, it’s important to first establish a clear plan. Identify which components need to be tested, whether you have all the necessary tools on hand and the timeframe for each individual test as well as for the overall assessment of your network.

The preparation phase is even more critical if you are hiring external testers and want to use the white box method. In that case, you need to provide the testing team with all the information about your network and its systems, along with whatever documentation you have. For a black box test, you only need to disclose the target addresses of the components that are in scope. Either way, agree the rules of engagement in writing before testing starts: the exact scope, the time windows in which testing may take place, which systems are off limits, and who to contact if something goes wrong.

Note

Pen testers should have expertise in key technical areas such as system administration, network protocols, programming languages, IT security products, application systems and network components.

What are the best tools for penetration testing?

Since there are so many different kinds of attacks, it makes sense to have lots of different tools available for penetration testing. Some of the most important ones are:

  • Port scanners: port scanners probe target hosts to find out which TCP and UDP ports are open and, usually, which services and versions are listening on them.
  • Vulnerability scanners: vulnerability scanners examine systems for known security vulnerabilities, faulty configurations and inadequate password and user policies.
  • Sniffers: a sniffer captures and analyses network traffic. Against properly encrypted traffic it only sees metadata such as endpoints, timing and volume, so the more of the traffic that is encrypted, the less it can gather.
  • Packet generators: packet generators craft or replay network packets, so that a tester can reproduce specific traffic, malformed packets or load during a penetration test.
  • Password crackers: pen testers use password crackers to recover weak passwords, either by guessing against a login interface (online) or by testing candidates against captured password hashes (offline).
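To make the first item in the list concrete, here is a minimal TCP connect port scanner with banner grabbing. This is an added example written for this article, not code from any of the tools mentioned; it assumes you are scanning a host you are authorised to test, uses plain connect() calls (no raw sockets, so no root needed), and spins up a throwaway listener on 127.0.0.1 with a constructed banner so that the example runs offline.

```python
"""TCP connect scan with banner grabbing (added example, not the article's code).

Assumptions (not from the article): you are authorised to scan the target,
a plain connect() scan is acceptable, and a short per-port timeout is fine.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def grab_banner(sock, limit=128):
    """Read whatever the service volunteers on connect, if anything."""
    try:
        sock.settimeout(0.5)
        data = sock.recv(limit)
        return data.decode("ascii", errors="replace").strip()
    except (socket.timeout, OSError):
        return ""


def probe_port(host, port, timeout=1.0):
    """Return (port, banner) if the TCP handshake completes, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return port, grab_banner(sock)
    except (socket.timeout, ConnectionRefusedError, OSError):
        return None


def scan(host, ports, workers=50):
    """Connect-scan the given ports in parallel; returns {port: banner}."""
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hit in pool.map(lambda p: probe_port(host, p), ports):
            if hit:
                results[hit[0]] = hit[1]
    return results


# --- constructed target so the example runs offline ---------------------
def start_fake_service(banner=b"SSH-2.0-ExampleServer_1.0\r\n"):
    """Start a throwaway listener on 127.0.0.1 (OS-chosen port) that sends a
    constructed banner on connect. Stands in for a real network service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed by demo(); stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Scan a small window of loopback ports around the fake service.
    Returns ({port: banner}, port_of_fake_service)."""
    srv, open_port = start_fake_service()
    ports = range(open_port - 3, open_port + 4)
    try:
        return scan("127.0.0.1", ports), open_port
    finally:
        srv.close()


if __name__ == "__main__":
    found, expected = demo()
    for port, banner in sorted(found.items()):
        print(f"{port}/tcp open  {banner!r}")
```

The banner is what a vulnerability scanner or a tester uses in the "search for known vulnerabilities" step below: the version string a service announces is matched against known-vulnerable versions. Note that a connect() scan completes the full handshake and therefore shows up clearly in the target's logs, which is usually what you want in an agreed test.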

Many of the tools listed above have been developed explicitly for network security testing and are therefore tailored to specific test areas. While the vast majority of these programs are open source, there are also commercial security applications, which are generally better documented and come with vendor support.

Tip

There are now extensive tool collections available for penetration tests. These collections have been compiled by experienced security professionals and are usually packaged as a Linux distribution. One of the most popular is Kali Linux, first released in 2013 as the successor to BackTrack.

What are the different steps of a penetration test?

The test procedure for a pen test can be divided into the following four steps:

Review network concept

A penetration test can reveal inconsistencies or weaknesses in the design of a network, or in individual components, as early as the preparation stage. For example, if several applications are configured with different, inconsistent access groups, the overlap between them quickly becomes hard to reason about and presents a security risk for the entire network, even if the network and each hosted application are adequately protected on their own. Some of these issues can be resolved during a preliminary discussion, while others can only be confirmed by carrying out a practical test.

Test hardening measures

Ensuring that the systems in a network are configured as securely as possible is at the core of a secure corporate network. During the pen test, the defensive measures already in place are checked. This includes checking installed software, such as operating systems, system services and applications, which should always be up to date. If older versions have to be kept for compatibility with other applications, you need compensating controls, such as isolating the affected system and restricting who can reach it. In addition, access and authentication requirements for individual systems and programs play an important role. Here the pen test deals with issues such as:

  • Access rights
  • Password use and encryption
  • Use of existing interfaces and open ports
  • Defined rules (e.g. firewall rules)
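The "password use and encryption" check above, and the password cracker entry in the tool list earlier, come down to one question: if an attacker obtains the password hashes, how quickly do weak passwords fall? The following added example (written for this article, not from any tool or project it mentions) runs an offline dictionary attack against a constructed hash dump. It compares an unsalted SHA-256 scheme with salted PBKDF2 so the difference in attacker cost is visible; the usernames, passwords, wordlist and round count are all constructed for the demonstration.

```python
"""Offline dictionary attack against password hashes (added example).

Assumptions (not from the article): the hash dump was obtained within the
agreed scope of the test; all records and the wordlist are constructed here.
"""
import hashlib
import hmac
import os

# Constructed wordlist standing in for the large public lists real crackers use.
WORDLIST = ["password", "123456", "qwerty", "letmein", "summer2023", "Welcome1", "admin"]
PBKDF2_ROUNDS = 100_000  # constructed; real deployments tune this upwards


def sha256_unsalted(password):
    """The weak scheme: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_salted(password, salt, rounds=PBKDF2_ROUNDS):
    """The hardened scheme: per-user random salt and a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def build_sample_dump():
    """Constructed 'dumped' credentials, generated inline so the example is offline."""
    salt_dave, salt_erin = os.urandom(16), os.urandom(16)
    return {
        # unsalted SHA-256 records: username -> digest
        "unsalted": {
            "alice": sha256_unsalted("summer2023"),
            "bob": sha256_unsalted("Welcome1"),
            "carol": sha256_unsalted("correct horse battery staple"),  # not in wordlist
        },
        # salted PBKDF2 records: username -> (salt, digest)
        "pbkdf2": {
            "dave": (salt_dave, pbkdf2_salted("letmein", salt_dave)),
            "erin": (salt_erin, pbkdf2_salted("correct horse battery staple", salt_erin)),
        },
    }


def crack_unsalted(records, wordlist):
    """Unsalted hashes: hash the wordlist once, then look every account up.
    Cost is len(wordlist) hashes no matter how many accounts are in the dump.
    Returns ({user: password}, hash_operations)."""
    lookup = {sha256_unsalted(w): w for w in wordlist}
    cracked = {user: lookup[d] for user, d in records.items() if d in lookup}
    return cracked, len(wordlist)


def crack_pbkdf2(records, wordlist, rounds=PBKDF2_ROUNDS):
    """Salted, iterated hashes: each (account, candidate) pair costs `rounds`
    HMAC computations and nothing is shared between accounts.
    Returns ({user: password}, hash_operations)."""
    cracked = {}
    kdf_calls = 0
    for user, (salt, digest) in records.items():
        for candidate in wordlist:
            kdf_calls += 1
            if hmac.compare_digest(pbkdf2_salted(candidate, salt, rounds), digest):
                cracked[user] = candidate
                break
    return cracked, kdf_calls * rounds


def run_attack(dump=None, wordlist=WORDLIST):
    """Attack both parts of the dump and report what fell and what it cost."""
    if dump is None:
        dump = build_sample_dump()
    weak, weak_cost = crack_unsalted(dump["unsalted"], wordlist)
    strong, strong_cost = crack_pbkdf2(dump["pbkdf2"], wordlist)
    return {
        "unsalted_cracked": weak, "unsalted_hash_ops": weak_cost,
        "pbkdf2_cracked": strong, "pbkdf2_hash_ops": strong_cost,
    }


if __name__ == "__main__":
    report = run_attack()
    for key, value in report.items():
        print(f"{key}: {value}")
```

Two things the numbers make obvious: with unsalted hashes the attacker pays for the wordlist once and gets every account in the dump for free, whereas salting plus iteration multiplies the cost by the number of accounts and by the round count; and a passphrase that is not in the wordlist (carol, erin) survives both schemes, which is why the hardening check looks at password policy and hashing scheme together rather than at either alone.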

Search for known vulnerabilities

Experienced penetration testers are familiar with the typical attack surface of the components they examine, so finding known vulnerabilities generally does not take long. Using the version and patch-level information they gathered while reviewing the hardening of the network components, they can quickly identify which applications pose a security risk. If many systems have to be analysed in a short time, vulnerability scanners help, although their results contain false positives and false negatives and should be verified manually.

Targeted use of exploits

Whether a discovered vulnerability can actually be exploited can only be established by exploiting it. The exploit code used for this is typically a script obtained from public sources, and such scripts are not always carefully written. If an unreliable exploit is run, the application or system under test may crash and, in the worst case, important data may be overwritten. Penetration testers should therefore review exploit code before use, prefer scripts from reputable sources and, where possible, try them against a test instance first; otherwise they should refrain from exploiting the vulnerability and report it as unverified.

Note

The testing team should record every step and result of the pen test. This gives you the best basis for understanding the individual steps and evaluating the situation. Based on the prioritised list of recommendations, you can then improve the protection of your systems step by step. It is generally recommended to conduct a penetration test at least once a year, and again after any major change to the infrastructure.

What are the pros and cons of penetration testing?

Homogeneous IT environments are a thing of the past. Today's decentralised IT structures can give rise to new vulnerabilities and errors on a daily basis. Software vendors sometimes fix these quickly, but it can also take them considerably longer.

This is where penetration testing shows its strengths, providing the following advantages:

  • Pen tests examine systems in much more detail than an ordinary security check.
  • Penetration testing checks not only the individual components but also whether their interaction creates weaknesses.
  • With an external tester, you get a second opinion and an outside view of your underlying security concept.
  • Professional penetration testers are specially trained and approach your systems as an attacker would.

Penetration testing, and collaboration with external testers in particular, also comes with its own set of drawbacks though:

  • While the pen test is being conducted, the testing team has access to internal information and processes.
  • There is always a risk that the test will disrupt or damage systems, in the worst case irreparably, which is why scope, timing and emergency contacts must be agreed in advance.
  • Pen tests only provide a snapshot of your network and its systems and should never be used as a reason to forgo standard security measures.

It’s also important to keep in mind that traditional pen tests don’t assess the risks associated with social engineering. Many companies offer services that identify such vulnerabilities and provide dedicated training on how to prevent social engineering attacks.
