Improving IT security by playing attacker

The world wide web leaves the door wide open to internet spies. Last year the number of online felonies increased by 27% in Germany. Even seemingly secure IT systems such as those of the Federal Chancellery were spied on using relatively simple methods. The reason for this is that companies and organizations still much too seldom charge specialists with testing their systems for weaknesses by applying the same methods like the internet attackers, says Steria Mummert Consulting.

In the course of so-called penetration tests IT security specialists try to break into computer systems and networks from the outside and identify security holes. By doing so, they use the same techniques applied by real attackers, but in this case to the advantage of the company concerned.

Professional security tests check all IT communication interfaces of a company. Quite often the check also focuses on interfaces often neglected such as telecommunication lines and radio networks. So-called »social engineering« which means exploiting human weak points is part of such penetration tests. In this context, the individual know-how of the experts involved and the experience of IT specialists are still indispensable and cannot be replaced by automated tools. Such an approach very often leads to the identification of security holes by which web pirates break into company networks. GERMAN