Home > Ask the Security Experts > Network Security Questions & Answers > Are penetration tests essential for enterprise network security?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Are penetration tests essential for enterprise network security?

Mike Chapple, featured expert EXPERT RESPONSE FROM: Mike Chapple, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 11 May 2007
How large of a role should penetration testing have in an enterprise network security strategy?


BROWSE BY TAG
Network Security,   Application and Platform Security,   Enterprise Vulnerability Management,   Security Testing and Ethical Hacking,   Vulnerability Risk Assessment,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Security
Should enterprises be running multiple firewalls?
What are best practices for fiber optic cable security?
What is the difference between a VPN and remote control?
What are the disadvantages of proxy-based firewalls?
What are the best practices for IPS implementation?
How to prevent DDoS attacks on websites
How to configure firewall ports for webmail system implementation
Can S/MIME, XML and IPsec operate in one protocol layer?
How should service providers address VoIP security issues and threats?
How to set up a corporate cell phone management strategy

Security Testing and Ethical Hacking
Screencast: Samurai offers pen-testing nirvana
McAfee to acquire Solidcore Systems for whitelisting
The Pipe Dream of No More Free Bugs
How to perform Microsoft Baseline Security Analyzer (MBSA) scans
Free HP SWFScan tool detects Adobe Flash flaws
Flaw disclosure debate polarizes SOURCE Boston panel
L0phtCrack returns
Information security book excerpts and reviews
Should static analysis be a part of the software development process?
Cracks in WPA? How to continue protecting Wi-Fi networks

Vulnerability Risk Assessment
Are Web application penetration tests still important?
McAfee to acquire Solidcore Systems for whitelisting
The Pipe Dream of No More Free Bugs
Vulnerability test methods for application security assessments
Free HP SWFScan tool detects Adobe Flash flaws
PCI QSA assurance program penalizes assessors
Information security book excerpts and reviews
New York drafts language demanding secure code
Security experts identify 25 dangerous coding errors
Microsoft Windows XML flaw exploits test desktop antimalware
Vulnerability Risk Assessment Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Cyber Storm  (SearchSecurity.com)
ethical hacker  (SearchSecurity.com)
ethical worm  (SearchSecurity.com)
gray hat  (SearchSecurity.com)
honey pot  (SearchSecurity.com)
honeynet  (SearchSecurity.com)
war dialer  (SearchSecurity.com)
white hat  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Penetration testing can provide valuable information on the state of your security defenses, but it's quite expensive. For a penetration test to have credibility, it usually must be performed by an independent, outside firm. If you use insiders and the tests demonstrate vulnerabilities, you'll hear criticisms that the testers must have taken advantage of their insider information and knowledge of the infrastructure in an attempt to swell security budgets. On the other hand, if the tests show that all's well, you'll be criticized for conducting a test that isn't thorough enough. That's certainly a catch-22 if I've ever seen one!

Due to the high cost of penetration testing, I usually recommend that mature security programs consider it. If you're currently building up your security infrastructure and lacking several major pieces, invest your budget there first. Otherwise, the penetration test will only uncover vulnerabilities that you're already aware of. On the other hand, if you deploy penetration testing to evaluate a fully implemented infrastructure, you might gain valuable insight on potential weaknesses.

More information:

  • Michael Cobb provides tips on how to select a penetration tester.
  • Learn how to pen test a VPN.




    • Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts