Why Penetration Testing is key for IT Security Infrastructure?

Penetration Tests must be part of any IT Security Infrastructure Policy, unfortunately most IT infrastructure design principles are done on systems that have become obsolete i.e. systems that can be compromised easily. Companies are today obliged to have access to the internet for various reasons; however 98% of companies have not completed any network audit nor have they carried out a penetration testing to their network infrastructure. Moreover many companies building new IT infrastructure do not put any mechanism in place to audit the new systems being put in place.  It is strongly recommended that all companies should perform external and internal penetration testing at least once a year and also after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment). These penetration tests must include the following:

• Layer 1 and Layer 2 security review: This should include aspects like Ports Security, DHCP Snooping, and MAC address inspection to guard against MAC spoofing.
• Network-layer penetration tests: Verify that the penetration test includes network-layer penetration tests. These tests should include components that support network functions as well as operating systems. There is a widely held belief amongst most engineers, that scanning a perimeter represents a network security audit, unfortunately a network scan does not represent a penetration test.
• Application-layer penetration tests: Verify that the penetration test includes application-layer penetration tests. The tests should include, at a minimum all possible vulnerability that has been detected during the application security assessment.

Companies should have security policies that enforce this aspect for the business, this information security policy should also verify that the policy is published and disseminated to all relevant personnel (including vendors and business partners), as unfortunately the weakest link in any security strategy is the “human factor”. The Security policy must verify that an annual risk assessment process is documented that identifies threats, vulnerabilities and results in a formal risk assessment. This should be the framework used to complete the security audit and penetration testing of the IT infrastructure environment.

Most companies believe the fact that by deploying an intrusion detection, anti-virus and firewall, that their network are fully protected and impenetrable. This is a wrong assumption; the level of hacking sophistication on the Internet has changed since 2010.

Although the use intrusion-detection systems, and/or intrusion-prevention systems to monitor all traffic at the perimeter of the critical data environment as well as at critical points inside of the network environment, and alert personnel to suspected compromises is a vital part of any security policy, this is not fool proof as the IT infrastructure can still be compromised using some sophisticated advanced hacking tools that won’t be detected by intrusion detection systems , and/or intrusion-prevention systems. It is also very important to keep all intrusion-detection and prevention engines, baselines, and signatures up-to-date in order for your environment to maximize the chance of preventing any network breaches.

Firewalls are parts of any basic security policy for any network environment that wants to protect the integrity, the confidentiality and availability of the overall setup. However it is almost impossible to prevent an unauthorized access to the IT infrastructure by just using firewalls. Firewalls are good starting point, although with the current hacking tools you need more than a firewall to protect your network setup.

Deploying file-integrity monitoring tools to alert personnel to unauthorized modifications of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly is another task that needs to be part of IT Security policy.

End-point security systems must be part of the overall IT security solution, this will help detect rootkits, virus, Trojan, malware, worms, spyware and bots although most advanced hacking tools have built-in utilities that will kill most  anti-virus installed on machines that are compromised.

This is why it is important to use an IT Security Expert to assist you with any IT security audit and the various complex security issues that have been introduced into the company IT infrastructure. IT security is an ongoing process therefore IT audit and review as well as update of IT security infrastructure is of paramount importance to any company survival. For any quote or Penetration testing concerns please contact us today.

Security Penetration Testing in UK.