Security professionals use penetration testing to better understand the risks to their systems and networks. Here we'll take a look at what this important type of testing involves and how it can help keep the bad guys out.
Internet = Risk

It's been said that the safest computer is one that is switched off and therefore not connected to any network. Anything that is hooked up is exposed to attackers. Even an innocuous piece of equipment like a network-ready inkjet printer can end up handing an attacker access to an entire local network; all the attacker has to do is successfully exploit one of the printer's software bugs. These days, attackers can even wake sleeping machines over the network and do with them what they will. So whether you're an average user or an experienced systems administrator, there's a very real need to carefully consider your exposure to the Internet.
Types of Hackers

Thankfully, not all highly skilled engineers want to defeat security measures; some of them, the ethical hackers, aim to improve them. They're often called "white hats," and as the term's antonym suggests, "black hats" are interested in the opposite. They deliberately attack systems and networks to exploit their vulnerabilities, aiming either to damage them or to turn them to their own advantage, and they're driven by a variety of agendas.
External/Internal Testing

Take an Internet server as an example. A systems administrator has to consider its weaknesses from two vantage points, because what a server looks like from the outside and from the inside are completely different. Fundamentally, and in the simplest of terms, the key is to know how the system appears to an attacker who is outside it and to one who is already on it.
To the Internet, a server might be firewalled with a handful of ports left open to provide services such as SMTP for email and HTTP for a website. These are the network-facing services, and a remote attacker's options are limited to whatever bugs they contain. On the server itself lurks a myriad of potential security holes, thanks to the tens or even hundreds of thousands of lines of code running those network services and everything else needed to keep the server going. Vulnerabilities in that software that can only be reached by someone who already has a foothold on the machine are the target of local exploits, as opposed to the remote exploits aimed at the network-facing services.
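To make the "outside view" concrete, here is a minimal TCP connect scan. It is an added example, not code from the original article or from any scanner it mentions: it tries a full handshake against each requested port and lists the ones that answer, which is essentially all a remote attacker (or external scanner) gets to see through a firewall. The port-to-service names are assumed defaults, and the demo listener exists only so the script has something to find when run against itself.

```python
"""TCP connect scan: the "outside" view of a host.

Added example, not code from the original article. It reports which of the
requested TCP ports complete a handshake, which is roughly what an external
scanner sees through a firewall: only the services deliberately left
reachable (25/SMTP, 80/HTTP and so on). Anything else running on the box
is invisible from out here, which is why the inside view needs its own check.
The port-to-service names below are assumed defaults, not a live lookup.
"""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

COMMON_PORTS = {22: "ssh", 25: "smtp", 80: "http", 443: "https", 8080: "http-alt"}


def probe(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a full TCP handshake completes with host:port.

    Refused, filtered (timeout) and unreachable all count as 'not open';
    a real scanner distinguishes them, a plain connect scan cannot.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> list:
    """Probe each port concurrently; return the sorted list of open ports."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=min(workers, max(1, len(ports)))) as pool:
        flags = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted(p for p, is_open in zip(ports, flags) if is_open)


def report(host: str, open_ports) -> str:
    """Format the result the way a human reads a scan: one line per open port."""
    lines = [f"{host}: {len(open_ports)} open TCP port(s)"]
    for p in open_ports:
        lines.append(f"  {p}/tcp  open  {COMMON_PORTS.get(p, 'unknown')}")
    return "\n".join(lines)


def demo_listener(host: str = "127.0.0.1"):
    """Start a throwaway listener on an ephemeral port so the demo has something to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def closed_port(host: str = "127.0.0.1") -> int:
    """Reserve and immediately release an ephemeral port, leaving it closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Usage: python scan.py [host]   (with no host, scans a local demo listener)
    if len(sys.argv) > 1:
        target = sys.argv[1]
        print(report(target, scan(target, COMMON_PORTS)))
    else:
        srv, port = demo_listener()
        try:
            print(report("127.0.0.1", scan("127.0.0.1", [port, closed_port()])))
        finally:
            srv.close()
```

Only scan hosts you are authorized to test. Note what the script cannot tell you: a port that times out may be filtered by a firewall rather than closed, and nothing here reveals the local software behind a closed port, which is exactly the gap the inside view fills.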
Tools That Provide Protection

Thankfully, there are industry tools that do a large amount of the hard work for systems and network administrators. One particularly popular tool is Nessus, made by Tenable Network Security. One of a few similar tools on the market, Nessus cuts straight to the chase: let loose on your network-facing services, it can be configured to probe your server safely (its "safe checks" setting skips tests known to crash services) or to go in all guns blazing, with the possibility of bringing the server down during the simulated attack. Its reports are detailed enough that an administrator can drill down to exactly which vulnerability was found on which service, with the aim of fixing it quickly.
A less-used feature of Nessus is scanning from the inside. One Nessus installation can scan the network-facing services of many remote servers with ease. By going a step further and giving the scanner local access to each server, whether with a credentialed scan that logs in over SSH or with the scanner installed on the host itself, an administrator can glean an exceedingly granular level of detail, from weak or misconfigured user accounts through to which versions of otherwise safe software are subject to known compromises. Even if the software vendor has yet to release a fix for a particular issue, Nessus tells you that your system is at risk. It's an eye-opening exercise for even the most seasoned administrators.
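The core of that inside view is a version check: read the host's package inventory and compare each version against known-vulnerable ranges. The script below is an added example that does this in miniature; it is not Nessus code and not from the original article. Its inventory lines follow the `name<TAB>version` shape of `dpkg-query -W` output but are constructed here, and the advisories, package names and EXAMPLE-* identifiers are hypothetical. An advisory with no fixed version models the case the paragraph mentions, where the vendor has not patched yet and every version from the first affected one onwards is flagged.

```python
"""Inside view: check installed software versions against advisories.

Added example, not Nessus code and not from the original article. It does, in
miniature, what a credentialed or local scan does: read the host's package
inventory and flag anything whose version falls inside a known-vulnerable
range. An advisory with no fixed version models the "vendor has not patched
it yet" case: every version from the first affected one onwards is flagged.

Both data sets below are constructed for the example. The package names and
EXAMPLE-* identifiers are hypothetical, not real advisories.
"""
import re

# Constructed inventory in the shape of `dpkg-query -W` output (name<TAB>version).
INVENTORY = """\
exampled\t2.4.1-2
widgetsrv\t1.3.0
openssh-server\t9.2p1-2
"""

# Constructed advisories: half-open range [affected_from, fixed_in); None = no fix yet.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "exampled", "affected_from": "2.0",
     "fixed_in": "2.4.3", "severity": "high",
     "summary": "remote code execution in request parser"},
    {"id": "EXAMPLE-0002", "package": "widgetsrv", "affected_from": "1.0",
     "fixed_in": None, "severity": "medium",
     "summary": "local privilege escalation via world-writable state file"},
]


def parse_version(v: str) -> tuple:
    """Reduce a version string to a comparable tuple of its numeric fields.

    '2.4.1-2' -> (2, 4, 1, 2); trailing zeros are dropped so '1.2.0' == '1.2'.
    Good enough for the example; real scanners apply per-distribution rules.
    """
    parts = [int(t) for t in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_inventory(text: str) -> dict:
    """Map package name -> installed version from dpkg-query style lines."""
    inventory = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, version = line.split("\t", 1)
        inventory[name.strip()] = version.strip()
    return inventory


def is_affected(version: str, advisory: dict) -> bool:
    """True if version is in [affected_from, fixed_in), or >= affected_from when unfixed."""
    v = parse_version(version)
    if v < parse_version(advisory["affected_from"]):
        return False
    fixed = advisory["fixed_in"]
    return fixed is None or v < parse_version(fixed)


def check(inventory: dict, advisories) -> list:
    """Return one finding per (installed package, matching advisory)."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed is not None and is_affected(installed, adv):
            findings.append({
                "package": adv["package"],
                "installed": installed,
                "advisory": adv["id"],
                "severity": adv["severity"],
                "fix": adv["fixed_in"] or "none available (vendor has not patched yet)",
                "summary": adv["summary"],
            })
    return findings


def report(findings) -> str:
    """One line per finding, severity first, so the worst items are easy to spot."""
    lines = [f"{len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"  [{f['severity']}] {f['package']} {f['installed']}: "
                     f"{f['advisory']} - {f['summary']}; fix: {f['fix']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(check(parse_inventory(INVENTORY), ADVISORIES)))
```

Two details carry over to real scanners: the version range is half-open, so the version that ships the fix is not flagged, and a package that is absent from the inventory produces no finding, which is why credentialed scans are only as good as the inventory they can read.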
A well-respected alternative to the mighty Nessus is BackTrack Linux, a Linux distribution dedicated entirely to security testing. With a large number of sophisticated security tools bundled with the distribution, it stands out from the crowd because those tools suit novices and advanced users alike. Used by both public and private sector organizations, it includes the excellent OpenVAS software, which describes itself as "the world's most advanced open source vulnerability scanner and manager." Any aspiring white hat could do worse than to begin by installing BackTrack Linux and spending some time getting to know OpenVAS. (To learn more, check out BackTrack Linux: Penetration Testing Made Easy.)