penetration test.

hi
If you plan to do a penetration test, what are the things or arrangements with the network administrator that you should do to avoid any kind of troubles or downtime?
besmile4ever Asked:
ee_reach Commented:
That is a fairly broad question. It will depend on a number of things:
1. Who you are - e.g., internal employee, external consultant, etc.
2. What your role is - are you the test implementer, the external consultant expert, the owner of the company who is contracting to do the test, etc.
3. What is the nature of the company? Some companies have to meet different security requirements depending on their nature. E.g., anything having to do with health care, banking, or defense is going to have different kinds of measures in place than, say, a dog food manufacturing plant.
4. What country are you in? Different countries have different standards. E.g., European Union countries will have certain rules that will have to be followed vs individual non-EU European countries vs the USA vs individual South American countries, etc.

To be able to advise you well, you would need to provide more info to make specific suggestions. But the best thing to do is to start by sitting down with the Network Admin and get his/her take on what he/she needs you to do in order to avoid downtime or other troubles. If that person has been in his/her job for any length of time, he/she will have definite ideas and will have concrete suggestions about what can be done to avoid downtime or other troubles.
pma111 Commented:
Some companies won't have a full penetration test, rather a vulnerability assessment, which has pros and cons. I.e. a pen test is taking advantage of vulns identified and taking them as far as they will go to get at your data (or whatever the goal is), so 2 small minor vulns may actually equate to a big security issue if combined with a skilled pen tester, something a vuln assessment won't do. That will find an issue - flag it as an issue - and stop there. Whereas a pen test will find an issue, exploit the issue, then with elevated access see what other issues can now be exploited, target those, and so on and so on. Every pen test I have seen is actually a vuln assessment and they've decided on that approach and pen testing exploits increases the likelihood something may break, thus cause issues to the business. Vuln assessments are a lot less likely to break anything, in fact the way they are designed means they shouldn't. So I assume your admins will need to know what tools will be run, and when, by whom, and any backup plan in case the tools cause issues. Some pen test tools can cause major bleeping of IDS/Anti Virus as well, so you need to make sure you don't lose a genuine threat in the middle of a pen test.
Question has a verified solution.
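
An added example, not part of the original thread: one way the admins could act on pma111's point about not losing a genuine threat in the IDS noise is to record the agreed tester source addresses, target range and test window, then sort alerts against them. All addresses, times and alert lines below are constructed for illustration.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed engagement details agreed with the admins (assumptions).
TESTER_IPS = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}
IN_SCOPE = [ip_network("10.20.0.0/24")]
WINDOW = (datetime(2024, 5, 6, 18, 0, tzinfo=timezone.utc),
          datetime(2024, 5, 6, 23, 0, tzinfo=timezone.utc))

# Constructed IDS alerts: (timestamp, source, destination, signature).
ALERTS = [
    ("2024-05-06T18:42:10+00:00", "192.0.2.10", "10.20.0.15", "port scan"),
    ("2024-05-06T19:05:33+00:00", "203.0.113.77", "10.20.0.15", "SQL injection attempt"),
    ("2024-05-06T19:20:01+00:00", "192.0.2.11", "10.30.0.8", "SMB brute force"),
    ("2024-05-07T02:14:45+00:00", "192.0.2.10", "10.20.0.15", "port scan"),
]

def classify(alert):
    """Label one alert against the agreed source, target range and window."""
    ts, src, dst, _sig = alert
    when = datetime.fromisoformat(ts)
    from_tester = ip_address(src) in TESTER_IPS
    in_scope = any(ip_address(dst) in net for net in IN_SCOPE)
    in_window = WINDOW[0] <= when <= WINDOW[1]
    if not from_tester:
        # Unknown source: treat as a possible genuine threat, even mid-test.
        return "investigate"
    if in_scope and in_window:
        return "pen-test"
    # Tester address, but wrong target or wrong time: raise with the test team.
    return "out-of-agreement"

def triage(alerts):
    """Group alerts by label so the 'investigate' bucket is never buried."""
    buckets = {"pen-test": [], "investigate": [], "out-of-agreement": []}
    for alert in alerts:
        buckets[classify(alert)].append(alert)
    return buckets

if __name__ == "__main__":
    for label, items in triage(ALERTS).items():
        for ts, src, dst, sig in items:
            print(f"{label:17} {ts} {src} -> {dst} {sig}")
```
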