Share this on:
 E-mail
22
VIEWS
0
COMMENTS
 
SHARES
About this iReport
  • Not verified by CNN

  • Click to view ITsecurity's profile
    Posted March 31, 2014 by
    ITsecurity
    Location
    London, United Kingdom

    How to offer Penetration Testing Services

     

    How to offer Penetration Testing Services

     

    Security professionals are not big on surprises especially when these surprises have something to do with weak security defenses, taken down applications, and stolen information. There are different ways on how such surprises are prevented but the best way to do it is to think just like the how the culprits do which means to test environments regularly. This is why penetration testing services are profitable business opportunity for those VARs or value-added resellers.

     

    Some customers are apprehensive about this security process. However, they should be reminded that this is what exactly security attackers do. They test the customer’s security defenses every day. It is best to show the customers the firewall logs so they can see how serious and consistent the attackers are.

     

    Ethics are unknown to security attackers. They will do just about anything that it takes to break into any computer system and network defense. Therefore, the customers should do the same to check if the attackers succeeded or not.

     

    There are four different testing services to help customers ensure that their network systems are fully protected from attacks.

     

    • Vulnerability Scans. This is a direct opportunity and a mature venture. One would just need to decide whether a service such as Qualys’ should be resold or if it is wiser to purchase a tool to use for systems and networks scans. Scanning is necessary and perhaps the easiest security assurance process.

    • Infrastructure Pen Tests. This testing service features live exploits such as Core Impact and Metasploit. It also uses other components such as live ammunition. To facilitate this process, there should not be much disruption to ensure its efficiency. In this process, all externally visible IP addresses are tested. These are exactly what the attackers see and what they want to penetrate. As conference room networks are perhaps the weakest components of a system or a network, it should also be tested.

    • Aplication Pen Test. For attackers, the most common goal is to break into a system or a network’s applications. In fact, these applications are usually directly targeted. There are different online application scanners that are popularly used such as AppScan from IBM and WebInspect from HP. It is also wise to invest on people ware to exploit logic errors of every application in the network. Human skill in such exploitation is still unparalleled. In case that the system’s initial application has been compromised, focus on the database as it holds the most important files and information.

    • User Test. This is something that testers will actually like. Most testers find it fun when they see how other users are very gullible. This type of testing uses fraudulent emails to customer service representatives to walk past the receptionist or the security. It also involves other processes such as dropping thumb drives in unlikely places and wait to see who will use it in their computers.

    •  

     

    Everyone will learn a lot as they go with offering and using penetration testing services. Testers will learn about effective and ineffective methods. Customers will realize its importance. Lastly, the Value-Add Reseller helps strengthen the network or system security and build strong relationships with customers.

     

    Four courses, please have a look at:

    ECSA - EC-Council Security Analyst and Licensed Penetration Tester

    IT Risk Management & Security Training Courses (PCRIM)

    CRISC ISACA Certification Courses

    ENSA - Network Security Administrator Training Courses

     

    PKI - Public Key Infrastucture Certification & Training Course

    What do you think of this story?

    Select one of the options below. Your feedback will help tell CNN producers what to do with this iReport. If you'd like, you can explain your choice in the comments below.
    Be and editor! Choose an option below:
      Awesome! Put this on TV! Almost! Needs work. This submission violates iReport's community guidelines.

    Comments

    Log in to comment

    iReport welcomes a lively discussion, so comments on iReports are not pre-screened before they post. See the iReport community guidelines for details about content that is not welcome on iReport.

    Add your Story Add your Story