4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.
Penetration testing, sometimes known as ethical hacking, should be used where vulnerability scanning has failed, as penetration testing goes further by actively seeking out and trying to shut down the security system. These tests are often carried out by white hat security specialists instead of the everyday systems admin. When these tests are in process, it is rare that the IT or security staff of the company is aware. This way not only can system security be looked at, but also how the personnel react to a specific attack.
A penetration test will assume the role of a malicious attacker actively trying to cause harm to the system and shut down the security of said system. Whereas the vulnerability scan will try and effectively find a hole or weakness in the system by probing and other passive measures. Companies tend to prefer vulnerability scanning as the process never actually hampers the current security of the system
GetCertify4Less and GetCertified4Less
No comments:
Post a Comment