Precautionary measure for Ransomware attack

Posted By : Ankita Arora | 16-May-2017

Just a few days ago the world witnessed the biggest cyber attack reported, in which many countries were affected by ransomware, a type of malicious attack that blocks access to the system and its data until the demanded ransom is paid to regain access.

Penetration testing, or pen testing, is an authorised attempt to attack a system in order to find its potential weak spots. It is a part of security testing in which the tester tries to find the security risks in the system. This testing is done to observe how anyone could actually intrude into the system. Penetration testing analyses the system's capability to withstand such attacks and how it can protect itself from internal and external security breaches.

 

Workflow of Penetration Testing:

  • Planning Stage: Identification of requirements; defining goals and objectives; determining the scope of the system.

  • Discovery Stage: Finding vulnerabilities in the system; discovering additional systems, devices, servers etc.; collection of system data; adding ports and services.

  • Attacking/Intruding Stage: Attacking the discovered vulnerabilities.

  • Final Analysis & Reporting Stage: Overall testing flow; evaluating potential risks and vulnerabilities; detailed fixes.

Why is Penetration Testing essential?

  • It finds vulnerabilities and tries to exploit them through a White-Hat attack.

  • It finds loopholes in your system before unethical attackers/hackers do.

  • It analyses the potential break points in the system.

  • It maps the impact of an attack on the business.

  • It avoids Black-Hat attacks, ensuring protection of the original data.

 

When is Penetration Testing performed?

  • At regular intervals, to catch recent and previously missed vulnerabilities.

  • When new infrastructure is deployed for the system.

  • When new security threats are discovered.

  • When new software or firewalls are installed, and also after system updates.

  • When the whole hardware setup is relocated.

 

Types of Penetration Testing:

  • Black box testing: In black box penetration testing, the tester does not have any information or details about the system to be tested.

  • White box testing: The tester has complete information about the system, its schema, network details, source code etc.

  • Grey box testing: The tester is provided with partial information about the system. It's like a situation of external hacking.

 

Various Penetration Testing tools:

  • Nmap: Port scanning, OS detection, network and vulnerability scanning.

  • Nessus: Detection of vulnerabilities.

  • Metasploit: Development and execution of exploit code.

  • Cain & Abel: For cracking passwords and network keys.

About Author

Ankita Arora

Ankita has done an M.Tech in Computer Science and has skills and conceptual knowledge of manual testing. Apart from that, she likes to read books.
