Question

Do a bit of research on penetration testing techniques. Investigate and document the following Five network penetration testing techniques Advantages and disadvantages of each One notable social engineering test Possible negative implications of penetration testing Please write between 200 and 300 words

Answer 1

Five network penetration testing techniques and the advantages and disadvantages of each:

* External testing: This targets the assets of a company available on the Internet, such as the company's official websites, company's web application, and its email and Domain Name Servers (DNS), to gain access and obtain valuable data.
Advantage: This lets the testers and company's security personnel know what exact company's information is public and private, so they can make necessary and appropriate changes to the data making it public or private depending on the value or how critical the data is.
Disadvantage: This test would not be able to attack and breach much of the company's data as it is done from the outside with only a little knowledge about the company, its data, assets, servers, and network.

* Internal testing: This test accesses an application behind its firewall simulating an attack by a malicious insider, for example, as simulating the scenario, as if an employee's credentials were stolen through a phishing attack.
Advantage: This test provides testers with a strong advantage over an external threat, as the attack carried out within the company's network has the potential and possibility to cause greater damage compared to the outside or external attack or test, as some of the protection systems, assets, and data have already been bypassed and breached.
Disadvantage: There are chances of the testers leaving a trace or trail of their path, activities, and behavior, as it is the company's environment, network, infrastructure than compared to external testing as the tester or attacker could be attacking from anywhere in the world and it is very hard to guess, calculate, or compute the trail.

* Blind testing: This test is carried out with only the name of the enterprise to be targeted.
Advantage: It gives security personnel a real-time look at how an actual application assault is carried out.
Disadvantage: It is typically expensive, because of the time and effort spent on researching the company to be tested.

* Double-blind testing: In this test, security personnel would have knowledge of the simulated attack beforehand, without any time support their defenses before the attempted attack or breach.
Advantage: Very few people at the company are even aware of a penetration test being carried out. Useful for identifying a company's security monitoring and incident team's responses.

* Targeted testing: This test requires both, the tester and the security personnel of the company would work together and keep each other informed of their actions and movements.
Advantage: It exposes a deeper level of system flaws and vulnerabilities when compared to blind or double-blind testing.
Disadvantage: It is not real-world in nature.

There are others also, such as Black Box and White Box testing.

One notable social engineering test: This penetration test scenario attempts to get and engage an employee or third party to disclose and reveal sensitive and confidential information, such as a password, account data, authentication data, business data, or other user data. The penetration testers target help desks, sales representatives, HR representatives, an employee from a payroll team through the phone or the Internet.

Possible negative implications of penetration testing: In the event, case, or an exception of the time, situation, or scenario where the penetration testing is not carried out properly and securely without considering the bad consequences, the tests would cause a lot of damages, losses, could crash servers, expose sensitive and confidential data, corrupt important and critical production data, or cause a number of other adverse effects and corresponding bad consequences associated with simulating a criminal hack.

A written statement should be well defined and describe the penetration testing as a safety measure for the testers unnecessarily getting involved and convicted for any felony.