Penetration testing for Windows systems
What do I need to know to give my system the most effective penetration test? Are there particular tools that are better than others? How safe should I feel if my system passes the test and when should I test again?
What you need to know is how to pick the most effective tools. I know quite a few people are enamored with Metasploit, and it was featured in a couple of articles here on SearchWindowsSecurity.com.
There's also a great guide to penetration testing, including goals, processes, and tips/tricks provided by Corsaire here.
As far as what to make of the results of the penetration test, I'd feel comfortable if my desktop systems passed the tests once each quarter and my Internet-facing servers passed the tests at least once a month, if not more often. These tests can be automated, so it's not at all a management problem to conduct these tests on servers on a more frequent basis.
This was first published in April 2006