
53Sociological andCultural Aspects
Penetration testing also depends upon how well chosen the access methods are,
and how easily they can be cracked. In the case of a certicate authority (CA) server,
it has to be properly congured with up-to-date software that cannot be easily
corrupted. As long as there is a backup CA server, it should prove fruitful to attack
one to see what expectations an end-user can have of it.
An alternative to attacking live equipment is to try out an attack on a virtual-
ized platform of some sort. This is a brand new approach that has not received
much attention until now because of issues regarding time of day accuracy ...