ABSTRACT
Penetration testing has been well popularized by the media. Many companies are now offering penetration services to identify vulnerabilities in systems and the surrounding processes. This report will Discuss "Penetration Testing" as a means of strengthening a corporate network's security. This report is divided into three parts. Introduction will give you a brief and basic overview of Penetration Testing and why we need Penetration Testing, The second part is the technical breakdown explains The strategy, model and type of Penetration Testing. In the conclusion, we will discuss both the value and limitation of Penetration Testing.
1. INTRODUCTION
As electronic commerce, online business-to-business …show more content…
Internal, "authorized" users of a system also present a significant security exposure. According to a recent survey, [05] 75% of respondents cited that disgruntled employees are the most likely source of attacks. Employees or other trusted parties were those most likely to be responsible for vandalism, theft of information and sabotage of data.
Hackers, both internal and external, identify targets through choice and opportunity. A "target of choice" is one that is specifically identified and selected. Hackers penetrate targets to achieve notoriety within their community or to reap more tangible benefits from, say, information theft and industrial espionage. Large, high-profile companies, such as governments and financial institutions, are regular targets of choice. Employers and former employers often represent targets of choice for disgruntled employees, suppliers or contractors.
A "target of opportunity," on the other hand, has been selected because of fortuitous circumstances, such as relative ease of access, availability of insider information, or luck. As such, almost any company can be a target of opportunity. Internal attacks also present a significant exposure, as employers and former employers often, perhaps unknowingly, provide ample opportunity for disgruntled employees, suppliers or contractors to attempt unauthorized access.
Many companies have deployed sophisticated security