Go Hack Yourself

Today’s online criminals are sophisticated and out for financial gain, not bragging rights. Targeted, multipronged intrusions draw on a range of techniques and tools, including exploitable vulnerabilities, inside information, and sheer persistence.  Could your systems stand up to these sophisticated threats?  For many enterprises, the best way to find out is to attack yourself first, or hire somebody to do so.  A good penetration test may spot security vulnerabilities before attackers do.

Our standard security product lineup focuses on the Internet as the attack vector, but that’s not the only way in.  A determined attacker can break in by gaining the cooperation of an insider or even through physical access to buildings.  To really test your defenses, you need to attempt penetration via all of these methods.

This Information Week article explores penetration testing some of the commonly exploited avenues into an organization, the upsides and downsides of outsourcing, and dealing with trust when choosing a pen-tester.  After all, you are authorizing them to probe and penetrate your defenses.  It would be reassuring to know that they are not just going to turn around and sell this intelligence to someone else…



2 thoughts on “Go Hack Yourself

  1. Ha ha! “Go hack yourself” sounds like an insult between two computer geeks. Very funny!

    Seriously though, people need to hire a professional to do this type of assessment. Hacking yourself is like having your accountant audit his own books. =/

  2. You are correct in the fact that a professional who does nothing but pen-testing is best equipped to assist a business with a final pen-test.

    As the IT Manager for one company and the Security Manager for another, I often did self-audits, which included penetration testing, and I still do them on my home LAN.

    This exercise does not replace an external audit (except at home), it enhances it, and also allows me to take action on items noted in previous audits & pen-tests.


Comments are closed.