Penetration testing
One thing to remember about a penetration test is that it's not just a glorified game of Capture the Flag. Many of the tools and techniques that are used by the security team doing the test have been used before – and not by the good guys.
Even so, the black hats out there use many more techniques, social engineering their way into systems and networks, and exploiting zero-day and little-known flaws in software and hardware.
A penetration test will reveal many of the problems in a network, but not all of them. A tested network may be more secure than others, but it's certainly not safe from every possible attack.
Schneier implies that good security analysts are born, not made. Even so, you can work to inculcate some of that useful paranoia. Plenty of puzzle games allow you to challenge yourself against imaginary computer systems. Games like Cypher and SlaveHack simulate the dark side of hacking, helping you to develop the puzzle-solving skills that can help you find ways of deconstructing your own networks and systems. Then there's the other option: finding software that can be paranoid for you and letting it loose on your network.
Network-analysis tools
You don't need to hire a professional to break into your network – there's software out there that will do it for you in the shape of network-analysis tools.
Dan Farmer's SATAN (Security Administrator Tool for Analysing Networks) was one of the first of these tools. Written in the mid-1990s by Farmer and IBM security guru Wietse Venema, SATAN bundled up a whole raft of network vulnerability testing tools into one package. Administrators could load it onto a Unix machine and let it rip, delving into holes that even the most diligent network engineers had forgotten to patch.
The result of SATAN's investigation was a comprehensive report that detailed where the problems were and how to fix them. No one had seen a tool like this before – especially one this easy to use.
Panicked articles focused on the tool's name and declared that it was a tool for hackers, completely forgetting that SATAN was actually a tool to help stop crackers breaking into systems and that all it did was bundle up existing black-hat tools for over-worked system administrators.
In the resulting furore Farmer lost his job, but the foundations for a new class of security tools had been laid.
Scan your network
You can use the current generation of network-analysis tools to test your own network both inside and outside your firewall.
Tools like Nessus are easy to use and free to download. You'll find packages for most operating systems, though the Unix versions are often the most mature.
Commercial security scanners like GFI's LanGuard also help show up flaws, though they may not be as thorough as the more wide-ranging Nessus. Some of the latest generation of network-analysis tools will even manage to patch your systems for you by downloading system updates and remotely installing them on the machines that are most at risk.
Once you've downloaded a network scanner, install it on the machine that you intend to host your tests on. A laptop is a good idea because you can use it to scan any always-on broadband connections via a mobile broadband connection or from a friend's network. The result is a very detailed report of system vulnerabilities and a surprising amount of information about the systems you're running.
We ran Nessus over a typical small business network that supports a handful of laptops as well as numerous desktops, servers and network devices. The resulting report found several vulnerabilities that could have easily allowed someone with access to the network to quickly steal information and disrupt the network.
