George Mateaki on the Security Metrics blog explains penetration testing – Network Penetration Testing 101 – and why it’s advisable for businesses to confirm the security of their workaday environments.
“Penetration testing, in general,” Mateaki explains, “is a type of ‘ethical certified hacking’ during which a pen tester will attempt to enter and exploit your IT environments. There are a few types: Segmentation Checks, Application Penetration Tests, Wireless Penetration Tests, and Network Penetration Tests.
“Segmentation Checks look for misconfigured firewalls. Application Penetration Tests find security issues that are due to application coding flaws. But when we pen test a network, we look for security issues in the design, implementation and maintenance of servers, workstations, and network services.”
“Hackers will target anything that stores, processes or transmits credit card information or personal identifying information (PII). And if you’re in the HIPAA realm, that includes protected health information (PHI). The location(s) at which you store this information are collectively known as the Cardholder Data Environment (CDE).”
So there you have it, in a tight summary. If you’re not feeling secure (or maybe even if you are), have a Network Pen Test done.