ESTec Security - Education - Security Testing

Education Main
Security History
Best Practices
Best Practice Resources
Intrusion/Penetration Testing
Security Resources
Phishing Attacks


Security Training

Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional.
	Visit CSI

Intrusion Penetration Testing

Security Intrusion Testing

Intrusion/Penetration Testing and Vulnerability Auditing

Some organizations engage a consultant or security firm to perform a "penetration test" to determine the security of their organization's network and its Internet connection.

At ESTec Systems' Security division, we believe that penetration testing is valuable - but it is not the proper tool to begin with. The usual simple penetration test does not provide sufficient analysis of the potential problems that a business or organization might face.

The first tool for identifying system vulnerabilities is a "vulnerability audit".

Vulnerability Auditing

A vulnerability audit is composed of some of the components of an intrusion or penetration test, but an auditor can undertake a myriad of other important tests to identify all vulnerabilities potentially exploitable by intruders.

Vulnerability testing even looks for potential exposures that might become important some time in the future, in addition to existing "holes" in a client's protection for data. To do this, the auditor looks at the outer configuration of the systems (e.g. Internet and firewall strategies) and the internal configuration, including personnel and policies.

Candid specialists tell their clients for security examination that intrusion or penetration testing should be done only after a comprehensive vulnerability audit has been completed and the problem areas cleaned up. This reversal need not increase costs noticeably, and is bound to improve your knowledge of the measures protecting data - or leaving it vulnerable.

Penetration Testing

After the vulnerability audit and the correcting of the problems it uncovers, a penetration test may then be performed. That will identify areas where the intrusion detection systems still need improvement. Security experts agree: Every attempted penetration should be identified by your intrusion detection systems and then reported to the security management inside the organization. One hole can make a very leaky boat, even a newly refurbished one. Vulnerability auditing comes first, intrusion testing second.


	About Us \| Products & Services \| Newsroom \| Education \| Careers \| Contact Us \| Privacy Commitment \| Terms of Use ©2002 ESTec Systems Corporation. All rights reserved.