No matter how secure one believes a network to be the need to conduct vulnerability assessments is of the upmost importance if a company or organization has information that is confidential or vital in nature. The need to conduct penetration testing should be an ongoing task for organizations as new technologies emerge. Even with security measures in place hackers continue to find ways around the roadblocks which are put in place to secure our networks. Just this month alone the Federal Bureau of Investigation’s network was compromised as a hacker was able to penetrate the emails of one of the organization’s special agents (Brito, 2012). The FBI has some of the most sophisticated computer security measures in place known to man and if
…show more content…
The idea on conducting a penetration testing is not to be taken lightly. The software used to conduct security assessments can range from a few hundred dollars to well over $30,000 (Sawyer, 2009). If a company is going to invest this type of finances into a software they will want to know that the product is in fact going to benefit their organization. It is likely that the request for penetration testing is going to bring forth many questions from an organization regarding the need to conduct such testing. They will want to know what the cost will be for such software, if current staff is skilled enough to conduct the testing and if the testing will interrupt current duties. For the purpose of this paper we will assume that the IT employee is adequate to operate and conduct testing.
Once the company determines that their IT staff is competent to operate the software the next step will be to acquire the actual software. There are a multitude of packages and software that could be used to conduct penetration testing. We will examine three penetration tools and discuss the benefits and weakness in using the software to assess one’s network for security vulnerabilities to determine whether a company or organization should in fact invest in such software. The first penetration tool that