Penetration testing for the home computer user


Lee Munson of Security-FAQs.com takes a look at penetration testing, and explains that it's not just big companies that can take advantage of it - you can even apply the principles of penetration testing to your home computer.

Penetration testing (also known as "pen testing") is a simple term that means you are looking at your computer system to determine if it has any security vulnerabilities that could be exploited.

You usually do this by imagining you are a hacker trying to get into the system. You could use the same tools that the bad guys might use and in the same manner.

Some people might think that you have to be a superhero security expert to be able to do this, but that isn't really the case. If you have the right software tools you can do this on your own computer as well. It is not as hard as it seems but sometimes it can take some time.

How do you get started?

Getting started with pen testing really all depends on how technical you want to get.

If you are not someone who is technically minded then there are still ways that you can run a homemade pen test on your own system.

First of all, you can try to get a technical friend to help. If you don't know any such person, then grab a trusted friend who is non-technical and ask them to run a couple of small tests on your system.

First, have them try to get on your system by guessing your login passwords. As they know you, they might start by trying words that are familiar to you or some of the most commonly chosen passwords.

But that won't work since you already know how to make a strong password, right? :-)

If, however, they do manage to crack your password then you should change it right away because it is clearly far too simple to guess.

After that, try to have them log into your home wireless network - which should be password-protected. This should be the same story. They should not be able to log on even if they know you - because they shouldn't be able to guess the password.

Remember, your non-technical friend is neither a security professional nor a hacker so if they are able to get into your system then anyone can.

Now check the passwords on all of the websites that you use. Do you have the same password on more than one site?


If you do use the same password for multiple websites, you are going to have to take action - regardless of how "strong" your password is.

If a hacker steals your password from one website that you use then they could then use that same password on any other site that you frequent.
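One way to run this reuse check on your own accounts is shown below as an added example (it is not from the original article). It assumes your password manager or browser can export a CSV file with the columns `name`, `url`, `username` and `password`; the sample data is constructed.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample; the column layout is an assumption about your export.
SAMPLE_EXPORT = """name,url,username,password
Webmail,https://mail.example.com,alex,Tr0ub4dor&3
Shop,https://shop.example.net,alex@example.com,Tr0ub4dor&3
Forum,https://forum.example.org,alex,correct horse battery staple
Bank,https://bank.example.com,alex,Tr0ub4dor&3
Photos,https://photos.example.org,alex,
"""


def find_reused_passwords(export_file):
    """Return groups of site names that share one password.

    Passwords are compared through an HMAC under a random per-run key,
    so no clear-text password is kept in the result or printed.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(export_file):
        password = row.get("password") or ""
        if not password:  # entry saved without a password: nothing to compare
            continue
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(row.get("name") or row.get("url") or "(unnamed)")
    reused = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    # Largest group first: that password does the most damage if stolen.
    return sorted(reused, key=lambda g: (-len(g), g))


def report(groups):
    """Format the groups as one line per shared password."""
    if not groups:
        return "No password is shared between sites."
    return "\n".join(
        f"{len(g)} sites share one password: {', '.join(g)}" for g in groups
    )


if __name__ == "__main__":
    print(report(find_reused_passwords(io.StringIO(SAMPLE_EXPORT))))
```

To audit a real export, pass an open file instead of the sample, and delete the export afterwards because it holds every password in clear text.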

Now, the last thing that you should do is check to see if your anti-virus software, security patches and firewall are correctly installed and up-to-date. Security software like this, and good common sense, should protect you from the majority of the attacks you might encounter on the web.

If you are a technical user

If you are comfortable with more technical work then there are a number of tools available to you. Fortunately, a lot of the professional pen test tools are open source, which means they won't cost you anything.

If you go to websites such as sectools.org or pentesttools.com you will find a lot of security tools that - if used with care - can help you check your system is defended from outside attacks.


4 Responses to Penetration testing for the home computer user

  1. Dan Tinsley · 1012 days ago

    Unfortunately, a vast number of tools listed on sectools.org, even for a techie, can have serious consequences if used incorrectly.

  2. David Parreira · 1011 days ago

    With 800k of usernames and passwords leaked since the beginning of the year and tracked by https://shouldichangemypassword.com/ I am more concerned with pen testing on the sites that hold my personal details rather than a breach on my home security.

    Just my 50 cents of it.

  3. roy jones jr · 990 days ago

    This is a good test that I will hopefully have my IT management approve. The sites that do it right should always have secure connections, etc. and if not find an alternative.

    BTW that https://shouldichangemypassword.com/ site doesn't record any of the passwords on their servers.

  4. My brother recommended I might like this blog. He was once entirely right. This post actually made my day. You can not consider just how a lot time I had spent for this information! Thanks!


About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.