December 7, 2009

Network penetration testing is required for vulnerability assessment of the network

A penetration test, also known as "ethical hacking", is a security tool that provides a vulnerability assessment of a network. By actively deploying attacks and penetration efforts against your network, it uncovers the vulnerabilities and threats in your security and pre-empts attacks on the perimeter defences.

In network penetration testing, both automated and human-driven attacks are performed to seek out and exploit potential vulnerabilities. Ethical hacking differs from criminal hacking in that you control the "attacker". The "attacker" reports back to you on whether the attacks were successful and, if so, how to stop such attacks from succeeding in real life. Penetration testing not only identifies network security threats but also gives you a realistic assessment of the risk and its impact on your business.

There are two main types of penetration test: the Black Box Test and the White Box Test. In a Black Box Test, the attackers have no knowledge of the network. Attacks are planned the way an external hacker would use online connectivity to discover vulnerabilities. A White Box Test, on the other hand, involves attacks by those who have full knowledge of the network and are seeking out the vulnerabilities and security threats present in the system.

Penetration testing should be performed at least once a year and whenever something is added to or changed in the network infrastructure. Network penetration testing is also essential for risk audits conducted to assess vulnerability and integrity. Script-based penetration tests are relatively inexpensive and suitable for White Box testing. A Black Box Test, on the other hand, is labour intensive: it involves real people posing as real-life hackers and more than simply running an online attack against the network.