With a rise in network security breaches and the rise of Advanced Persistent Threats, companies are conducting tests on the vulnerability of their networks as a safety precaution. These tests may consist of security process audits, periodic vulnerability assessments and penetration tests. Security audits cover both security management processes and IT assets, which is generally called a network vulnerability assessment. Penetration testing, which is referred to as “pentesting,” is a method for evaluating the security of a computer system or network by simulating an attack from a malicious source. Penetration testing can analyze a system for potential vulnerabilities and provide a report of the systems vulnerabilities to the company. Typically, vulnerabilities result from flawed system configuration, including both hardware and software flaws.
During the penetration test, the tester attempts to exploit any security vulnerability in the system or network and prepares an analysis of the network security for the company. Currently, penetration testing is performed by a third party penetration company. These pentesting engagements require the security consultant or tester to be onsite at the client's premises to gain access to the target network.
What is needed is a network security auditing system and method that allows a penetration testing company to remotely gain access to a target network securely over the Internet. Also, a network security auditing system and method is needed that allows covert access to a network, including wireless communication to better simulate a malicious attack on a network.