Penetration Testing and the Delicate Balance Between Security and Risk
Penetration testing helps arm system administrators with the information they need to determine acceptable levels of risk in systems and networks.
Imagine your server is similar to the house you call home. Now think for a moment about hackers as burglars. Are you willing to bet your job on the fact that even if the locks on your front door will keep an intruder out that your double-glazed windows will too? The same goes for IT: To be truly certain that they know the risks to which they are exposed, every IT department needs comprehensive and frequent penetration testing on their systems and networks.
Security professionals use penetration testing to help better understand the risks to their systems and network. Here we'll take a look at what this important type of testing involves and how it can help keep the bad guys out.
Internet = Risk
It's been said that the safest computer is a computer switched off and therefore not connected to a network. Anything that's hooked up poses a risk from hackers. Even an innocuous piece of equipment like a network-ready printer might end up giving an attacker access to an entire local network; all that hacker has to do is exploit one of the printer's software bugs successfully. These days, attackers can even awaken remote computers and do with them what they will! Even so, whether you're an average user or an experienced systems administrator, there's a very real need to carefully consider your exposure to the internet.
Types of Hackers
Thankfully not all highly skilled engineers want to defeat security measures; some of them, namely ethical hackers, aim to improve them. They're often called "white hats," and as this term's antonym suggests, "black hats" are interested in the opposite. They purposefully attack systems and networks in order to exploit their vulnerabilities. They aim to either destroy them or use them to their advantage, and they're driven by a variety of agendas. (To learn more about the positive aspects of hackers, see 5 Reasons You Should Be Thankful For Hackers.)
Taking an internet server as an example, it's critical to understand how a systems administrator must consider its weaknesses with regards to security. Fundamentally, and in the simplest of terms, it's key to know how the inside and the outside of a system appears to an attacker. That's because what a server looks like from the outside and from the inside are completely different.
To the internet, a server might be firewalled with a handful of ports left open to provide services such as SMTP for email and HTTP for a website. These are the network-facing services. On the server itself lurks a myriad of potential security holes thanks to the tens or even hundreds of thousands of lines of software running those aforementioned network services and others key to running the server itself. These security holes are known as local exploits.
Tools That Provide Protection
Thankfully, there are industry tools that do a large amount of the hard work for systems and networks administrators. One particular and very popular tool is Nessus, which is made by a firm called Tenable Network Security. One of a few similar tools on the market, Nessus cuts straight to the chase and if let loose on your network-facing services, it can be immediately configured to safely attack your server or go all guns blazing with the possibility of causing the server to fail during a simulated attack. The detailed reports that Nessus produces are so detailed that an administrator can drill down into exactly which exploit has been discovered on the server with the aim of quickly repairing it.
A less-used feature of Nessus is its local installation on a server. One Nessus installation can scan the network-facing services of multiple remote servers with ease. By going a step further and installing Nessus on each server, an administrator can glean an exceedingly granular level of detail ranging from user account exploits, through to which versions of otherwise safe software may be subject to known compromises. Even if the relevant software vendor has yet to patch that particular issue successfully, Nessus tells you that your system is at risk. It's an eye-opening exercise for even the most seasoned administrators.
A well-respected alternative to the mighty Nessus is a Linux distribution dedicated entirely to improving security called BackTrack Linux. With a number of highly sophisticated security tools bundled with the distribution, its efficacy is unquestionable. It stands out from the crowd due to its exceedingly useful tools, which are suitable for novices and advanced users alike. Used by both public and private sector organizations, it includes the excellent OpenVAS software, which describes itself as "the world's most advanced open source vulnerability scanner and manager." Any aspiring white hat could do worse than to begin by installing BackTrack Linux and spending some time getting to know OpenVAS. (To learn more, check out BackTrack Linux: Penetration Testing Made Easy.)
Acceptable Levels of Risk
The internet is certainly not always the convivial environment that it once was. As result, it's critically important that systems and networks are frequently subject to detailed penetration testing. Once armed with the useful information that tools such as Nessus provides, administrators can then make an informed choice about their acceptable levels of risk. Because the reality is that just like your home, in order for a network to be both functional and practical, there must be some risk of penetration. Consider this risk a trade-off between desired functionality and the necessary overheads that additional security always introduces.