3. Scope
The penetration test can be performed on a wide range of objects, which can be divided into three main categories.
3.1 Network Penetration Test
Network penetration test aims at identifying vulnerabilities in networks, network devices and hosts which can be exploited by hackers. These vulnerabilities can come from the flaws in design, operation or implementation of the network systems. For example, if the router of the company is hacked, the hacker may be able to access all the data being sent to and from the company’s network and even altered the content of these data. Therefore, it can lead to incorrect business information. The consequences will be even worse if the information being transmitted or received is meant to be confidential. …show more content…
Network assessments have appeared almost as long as host assessments, starting with the Security Administrator Tool for Analyzing Networks (SATAN), released by Dan Farmer and Wietse Venema in 1995. SATAN provided a new perspective to administrators who were used to hosting assessment and hardening tools. Instead of analyzing the local system for problems, it allowed you to look for common problems on any system connected to the network. This expands the use of network-based assessment systems. A network vulnerability assessment firstly locates all live systems on a network, determines what network services are in use, and then analyzes those services for potential vulnerabilities. Unlike the host assessment solutions, this process does not require any configuration changes on the systems being assessed, which largely improve the efficiency. Although network assessments are very effective for identifying vulnerabilities, they do suffer from certain limitations, like not being able to detect certain types of backdoors, complications with firewalls, and the inability to test for certain vulnerabilities because of danger. Additionally, many vulnerabilities are exploitable by an authorized but unprivileged user account and cannot be identified through a network
The penetration test can be performed on a wide range of objects, which can be divided into three main categories.
3.1 Network Penetration Test
Network penetration test aims at identifying vulnerabilities in networks, network devices and hosts which can be exploited by hackers. These vulnerabilities can come from the flaws in design, operation or implementation of the network systems. For example, if the router of the company is hacked, the hacker may be able to access all the data being sent to and from the company’s network and even altered the content of these data. Therefore, it can lead to incorrect business information. The consequences will be even worse if the information being transmitted or received is meant to be confidential. …show more content…
Network assessments have appeared almost as long as host assessments, starting with the Security Administrator Tool for Analyzing Networks (SATAN), released by Dan Farmer and Wietse Venema in 1995. SATAN provided a new perspective to administrators who were used to hosting assessment and hardening tools. Instead of analyzing the local system for problems, it allowed you to look for common problems on any system connected to the network. This expands the use of network-based assessment systems. A network vulnerability assessment firstly locates all live systems on a network, determines what network services are in use, and then analyzes those services for potential vulnerabilities. Unlike the host assessment solutions, this process does not require any configuration changes on the systems being assessed, which largely improve the efficiency. Although network assessments are very effective for identifying vulnerabilities, they do suffer from certain limitations, like not being able to detect certain types of backdoors, complications with firewalls, and the inability to test for certain vulnerabilities because of danger. Additionally, many vulnerabilities are exploitable by an authorized but unprivileged user account and cannot be identified through a network