Wireless penetration testing begins with a vulnerability assessment, in which penetration testers use multiple tools to gain initial knowledge specific to wireless networks and applications. A vulnerability assessment is not a replacement for a penetration test, though. After interpreting the assessment results, penetration testers use manual techniques and human intuition to attack the vulnerabilities found.
Spear-phishing differs from normal phishing in that spear-phishing is targeted and personalized. Spear-phishers target specific individuals with custom messages. They spend more time and energy on finding personal information to create tailored attacks.
Social engineering leverages and manipulates human interactions to compromise your organization. This could be something like bypassing a procedure and letting a guest into an employee-only area, or believing someone’s account of unusual circumstances and breaking policy as a result. Eventually, these breaks in policy or procedure lead to malware or unauthorized access to your system.
Phishing is any effort by an attacker to gain sensitive information from an individual via email, social media, or even phone calls. In the context of a business entity, these malicious individuals contact employees and ask for private information that can lead to access to company systems, processes, or data. These attacks are not personalized. Instead, they are mass-generated in the hope that at least one individual will fall for the trap.
Network penetration testing tests the strength of your network from the inside out. This is accomplished using one of two methods:
- External network penetration testing is focused on the perimeter of your network and identifies any deficiencies that exist in the controls that protect against remote attackers targeting the Internet-facing systems in your environment.
- Internal network penetration testing analyzes the environment that lies behind your public-facing devices.