1 Network penetration testing
This chapter covers
- Corporate data breaches
- Adversarial attack simulations
- When organizations don’t need a penetration test
- The four phases of an internal network penetration test
Everything today exists digitally within networked computer systems in The Cloud . Your tax returns, the pictures of your kids that you take with a cellphone, the locations, dates and times of all the places you’ve navigated to using your GPS. It’s all there ripe for the picking by a dedicated and skilled-enough attacker.
The average enterprise corporation has ten times (at least) as many connected devices running on their network as they do employees who use them to conduct normal business operations. This probably doesn’t seem alarming to you at first thought, considering just how deeply integrated computer systems have become to our society, to our existence and to our survival.
Assuming that you live on planet Earth, and I have it on good authority that you do, there’s a better than average chance you have the following:
- An email account (or four)
- A social media account (or seven)
- At least two dozen username/password combinations you’re required to manage and securely keep track of to log in and out of the various websites, mobile apps and cloud services that are essential in order to function productively within your normal everyday life.