Embracing the Evils with Penetration Testing


There’s hacking and there’s ethical hacking, and I’d like to think that most people in the industry are genuinely interested in penetration testing for the right reasons. Those ethical reasons would need to fall under the prevention of data loss, the prevention of data leaks and, more generally, protection against malicious code. The problem is that it’s hard to be a real hacker, or even a real penetration tester, unless you have actually had a go at it from the other side. In other words, all good penetration testers seem to be poachers turned gamekeepers.




The Advantage of a Tight Ship

Thankfully, IT departments around the world are renowned for having lots of time on their hands and ours is no different. So for want of a better excuse to play with big boys’ toys, we regularly set ourselves inter-office (more inter-desk, really) challenges to create a system that the other can’t access. To do this we use Dell virtualization setups straight off the shelves with VMware, and we rely on Dell data security solutions as a base, but we add a few network monitoring tools and periodically call in some help from friends or indulge in some serious hacker learning.


The Result from All our Tinkering

Either we are very good at securing our systems or we are very bad at detecting intruders, but so far, all the best network monitoring tools in the world have not picked up a likely deliberate attack on our workplace setup except for those that we instigate ourselves on our virtual machine setups. We have learned a lot in a very short space of time and realize just how open most networks are with only basic protection.

In fairness, nobody without extensive knowledge would be able to inject some script and see a dump of your databases regardless of how little security you employed, but then you never need protection from those people anyway. When someone does make a concerted effort to access your file system, you had better be sure it takes place after you’ve beefed up your security. It’s a good idea to brush up on your penetration testing skills, or at least make sure someone in your organisation knows what they are doing, if you store any kind of sensitive data on-site. Alternatively, you could do as we did and learn the ropes yourself. Click here if you want help to set up your virtual environment for penetration testing.

Being part of the Dell team, I know we have a great range of virtualization software and data security solutions on offer. Visit the site and browse the solutions on offer.