answer

Student’s Name

Professor’s Name

Date

Network penetration testing techniques

Penetration testing involves testing a computer, network, or application system to identify weaknesses that unauthorized individuals may use to exploit, change, or access a system /network. There are a number of penetration testing techniques. One such technique is internal network penetration testing used to assess the vulnerability of the organization once the attacker has gained initial access or compromised the system. The testing is quite useful as it reveals the data at risk to device ways to secure it. An external network penetration test, on the other hand, assesses the organization's perimeter defenses from an attacker with no access or permission, looking to compromise the system. It allows the organization to assess how susceptible they are to outside threats (Lehtinen & Sr., 2016).

the third test is the blind test, where the tester is provided with very limited information about the organization like the company website or name. The test aims to stimulate the behavior of a real cybercriminal making the organization understand what ways real cybercriminals may use to compromise the system. However, the test is expensive and time-consuming, as many efforts are required to identify the target. Another test is the double-blind testing, which is an advanced blind test where only very few people are made aware of the upcoming test. It is useful to assess the effectiveness of organization incident monitoring, identification, and response. the last technique is the targeted testing, which is executed by organizations IT personnel where those affected are informed in advance. The method is faster than blind testing, useful in assessing the system, and installing several security patches but does not assess the organization's security vulnerabilities and preparedness  (Chapman, 2016).

Social engineering tests involve the tester tricking the organization staff into performing actions that compromise system security or revealing sensitive data. Impersonation is a notable test where an individual disguises as another individual to acquire unauthorized information or unauthorized access locations (Allsopp, 2017).

In case the penetration testing is not executed properly, they can result in enormous damage like corrupting operational / production data, exposing sensitive information, crash servers, etcetera. In case the tester is not trustworthy, they may abuse their knowledge and skills to become real hackers later. The testing veers off the real attack situation, which bears no warning, making the testing results misleading (Chapman, 2016).

References

Allsopp, W. (2017). Advanced penetration testing: Hacking the world's most secure networks. John Wiley & Sons.