Pen Testing ImageQuest

Dark Reading has a story about a couple of “pen testers” arrested in Iowa last year for doing their job.

Pen is short for penetration, and pen testing is an element of cyber security. An organization hires an outside third party to test network defenses to determine what security vulnerabilities a system may have.

Organizations do this to ensure a vulnerability hasn’t been overlooked, that security processes aren’t being missed, and that the correct measures are in place to stop a criminal from “penetrating” systems and stealing business data in a breach.

A pen test differs from a vulnerability scan. A pen test simulates a hacker trying to breach your network and access business data. A vulnerability scan assesses your security without actively testing it.

We offer penetration testing and vulnerability scans as part of our Managed IT Security services.

In addition to testing a network’s security software, pen testing can include checking Web applications an organization uses, wireless network testing, social engineering (often also called phishing tests, which are run to check employee security behavior), and physical security of the network.

The pen testers who got arrested had been hired by a state judicial agency to test courthouse security. Often, courthouse security is the responsibility of the county sheriff.

Apparently, in this case, state officials didn’t tell the sheriff about the security checks in advance. A very angry sheriff arrested the testers, even though they presented him with a letter of engagement from the state when arrested.

You can form your own opinions about the testers finding the courthouse unlocked at midnight, and why the sheriff sought felony burglary charges.

The company the two men worked for eventually got all the charges dropped – but the involvement of angry, and probably embarrassed, politicians meant it took a while.

The incident led to the state reviewing and revising its security contracting process.

Hopefully, the sheriff revised his courthouse security procedures too.