What is Vulnerability Scanning and Penetration Testing?
19th March 2019

You may have come across these services before, or heard them mentioned, but it’s surprising how many people confuse them or don’t realise that they are in fact quite different.

Vulnerability Scanning

On the technical side of things, vulnerability scanning identifies weaknesses in network devices. This can include routers, firewalls, servers, switches and software applications. It looks for both ‘potential’ flaws/weaknesses and ‘known’ ones, which it matches against an existing database list. This is where vulnerability scanning stops: after it has identified weak areas, it highlights them in a report, but it goes no further and does not actually exploit them.

This is an automated process performed by software alone and involves no human interaction, until the report has been generated.

Penetration Testing

Although this is different from vulnerability scanning, it essentially serves a similar purpose, but doesn’t use any automation whatsoever. It is human driven: a specific set of elements (the scope) or departments is focussed on, and a number of penetrating software tools are created, specific to the environment. Essentially, the testers act as a hacker and mimic a hacker’s processes (without causing damage) in order to try to gain entry. Their goal is to identify weaknesses in the network of devices and applications and then physically prove them, by penetrating them and getting in – just like a hacker would!

These tests are usually conducted outside of business hours, or when networks and applications are least used, which in turn limits the impact on business operations.

If all that sounds a bit techy, there’s a simpler way of describing how it works:

Imagine a wall that had various holes drilled into it. Some of these holes only went a quarter or half of the way through, whereas others were drilled through completely, creating an entry point from the outside to the inside (well, for uninvited insects anyway, so let’s call them hackers!).

About the Author

Michael F


Southern IT Networks provides technology advice, support and management for SMEs, with specialisation in regulated industries, Office365 & Azure
