Chapter 26. Validating Your Security
IN THIS CHAPTER
Understanding the importance of validating and testing the security of an organization
Understanding the difference between a security assessment and a penetration test
Identifying the tools and techniques used to test the security of a network
Determining the method attackers use to break into a system
Systems are complex, and there's a good chance that any computer connected to a network has vulnerabilities that an attacker could exploit to break in. Because any system connected to a network will most likely be scanned by an attacker, its potential for compromise is high. You have to stay one step ahead of the attacker. Therefore, it's critical that organizations perform penetration testing of their networks to better identify and proactively fix vulnerabilities.
In this chapter we'll learn about the various types of tests that can be performed and how they can be used to increase the overall security of a network. We'll also learn how attackers break into systems, and how to use this knowledge to build more effective testing techniques.
Everyone has used or heard the buzzwords "penetration test" or "security assessment." Some even view the terms as synonymous. This section identifies the differences between the two types of tests and how they can be used to complement each other for the overall security of your network.
At the most basic level, a penetration test ("pen test"), red team exercise, and ethical hacking are ...