Lee Munson of Security-FAQs.com takes a look at penetration testing, and explains that it’s not just big companies that can take advantage of it – you can even apply the principles of penetration testing to your home computer.
Penetration testing (also known as “pen testing”) is a simple term that means you are looking at your computer system to determine if it has any security vulnerabilities that could be exploited.
You usually do this by imagining you are a hacker trying to get into the system. You could use the same tools that the bad guys might use and in the same manner.
Some people might think that you have to be a superhero security expert to be able to do this, but that isn’t really the case. If you have the right software tools you can do this on your own computer as well. It is not as hard as it seems but sometimes it can take some time.
How do you get started?
Getting started with pen testing really all depends on how technical you want to get.
If you are not someone who is technically minded then there are still ways that you can run a homemade pen test on your own system.
First of all, you can try to get a technical friend to help. If you don’t know any such person, then grab a trusted friend who is non-technical and ask them to run a couple of small tests on your system.
First, have them try to get on your system by guessing your login passwords. As they know you, they might start by trying words that are familiar to you or some of the most commonly chosen passwords.
But that won’t work since you already know how to make a strong password, right? 🙂
If, however, they do manage to crack your password then you should change it right away because it is clearly far too simple to guess.
After that, try to have them log into your home wireless network – which should be password-protected. This should be the same story. They should not be able to log on even if they know you – because they shouldn’t be able to guess the password.
Remember, your non-technical friend is neither a security professional nor a hacker so if they are able to get into your system then anyone can.
Now check the passwords on all of the websites that you use. Do you have the same password on more than one site?
If you do use the same password for multiple websites, you are going to have to take action – regardless of how “strong” your password is.
If a hacker steals your password from one website that you use, they could then use that same password on any other site that you frequent.
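An added example, not part of the original article: a short Python script that automates the reuse check described above by scanning a password-manager CSV export for passwords shared between sites, passwords that differ only in letter case, and commonly chosen passwords. The column names, the sample rows and the small common-password set are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample of a password-manager CSV export (column names assumed).
SAMPLE_EXPORT = """site,username,password
mail.example,alice,correct-horse-battery-staple
shop.example,alice,Summer2011
forum.example,alice_m,Summer2011
bank.example,alice,Xk9#vT2!qLp7
news.example,alice,password
photos.example,alice,summer2011
"""

# Small illustrative set of commonly chosen passwords, not a complete list.
COMMON = {"password", "123456", "qwerty", "letmein", "abc123"}


def fingerprint(password):
    """Short SHA-256 prefix so the report never prints a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:8]


def audit(csv_text):
    """Return (reused, near_reused, common) findings for a CSV export."""
    exact = defaultdict(list)     # password -> sites using it verbatim
    folded = defaultdict(list)    # lowercased password -> sites
    spellings = defaultdict(set)  # lowercased password -> distinct spellings
    common = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        site, pw = row["site"], row["password"]
        exact[pw].append(site)
        folded[pw.lower()].append(site)
        spellings[pw.lower()].add(pw)
        if pw.lower() in COMMON:
            common.append(site)
    reused = {fingerprint(p): s for p, s in exact.items() if len(s) > 1}
    # Passwords differing only in letter case are reported as near-reuse.
    near = {fingerprint(k): s for k, s in folded.items() if len(spellings[k]) > 1}
    return reused, near, sorted(common)


if __name__ == "__main__":
    reused, near, common = audit(SAMPLE_EXPORT)
    for label, groups in (("reused", reused), ("near-reused", near)):
        for fp, sites in groups.items():
            print(f"{label} [{fp}]: {', '.join(sites)}")
    print("commonly chosen password on:", ", ".join(common))
```

The report identifies each password only by a short fingerprint, so it can be read on screen without exposing the passwords. A real export file holds every password in plain text and should be deleted once the check is done.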
Now, the last thing that you should do is check to see if your anti-virus software, security patches and firewall are correctly installed and up-to-date. Security software like this, and good common sense, should protect you from the majority of the attacks you might encounter on the web.
If you are a technical user
If you are comfortable working at a more technical level then there are a number of tools available to you. Fortunately, a lot of the professional pen test tools are open source, which means they won’t cost you anything.
If you go to websites such as sectools.org or pentesttools.com you will find a lot of security tools that – if used with care – can help you check your system is defended from outside attacks.
Unfortunately, a vast number of tools listed on sectools.org, even for a techie, can have serious consequences if used incorrectly.
Hi Dan,
Just curious to know how using penetration testing tools can be harmful?
A lot of attack tools may cause trouble when used – all good penetration testers will warn their customers of the unavoidable risk with some or even many tools (and will insist on and receive some sort of legal immunity in case of problems).
Even firing up a port scan or probing for existing vulnerabilities could crash a buggy service… same sort of reason why an engine smog check or a dyno test *could* damage the motor, esp. if the test is meant to look for signs of possible failure.
Same reason that a live UPS test could cause an outage – if the UPS fails then that is likely to mean it didn’t kick in in time when the regular power was turned off.
With 800k of usernames and passwords leaked since the beginning of the year and tracked by https://shouldichangemypassword.com/ I am more concerned with pen testing on the sites that hold my personal details rather than a breach on my home security.
Just my 50 cents of it.
This is a good test that I will hopefully have my IT management approve. The sites that do it right should always have secure connections, etc. and if not find an alternative.
BTW that https://shouldichangemypassword.com/ site doesn't record any of the passwords on their servers.
My brother recommended I might like this blog. He was once entirely right. This post actually made my day. You can not consider just how a lot time I had spent for this information! Thanks!
will try pentest tool for sure thanks