Intrusion tests (abbreviated as pen tests) consist of testing an information system's protection methods by subjecting the system to a real situation.
Two methods are generally used:
- The black box method that consists of trying to infiltrate the network without any knowledge of the system in order to simulate a realistic situation
- The white box method that consists of trying to infiltrate the system equipped with knowledge of the entire system in order to test the limits of the network's security
Consent (preferably written) must be obtained from the highest level of the hierarchy before these tests are performed, because they could cause damage and because the methods used are considered illegal without the express authorization of the system owner.
An intrusion test is a good way to increase the awareness of those involved in the project when it reveals a flaw. On the other hand, it does not guarantee system security because the testers may fail to detect vulnerabilities. Security audits are a better method for ensuring a higher level of system security because they take organizational and human elements into account and the security is analysed internally.