Only a few people know what means penetration testing. However, it is an ideal way to find out and verify the security of your data and systems. This will prevent unwanted attacks by hackers.
It is a process in which a penetration tester tries to take on the role of an attacker (hacker) and gain access to system data that does not belong to him. The difference between him and a real attacker is his motivation. While the hacker tries to find a way into the system for his benefit (financial, political, or otherwise), the penetration tester aims to find as many ways as possible to get into the system and report it to its owner. The owner of the system thus learns where potential vulnerabilities are in his system, and he has a chance to fix them based on the penetration test results.
The penetration testing service that we offer has these goals. A malicious attacker can attack any website created in the MUNI environment. That is why we try to detect as many vulnerabilities in these systems as possible in time. But we can't do it of our own free will and without calling on the system owners - in which case we would be no different from real attackers.
Penetration testing is intended for anyone from the university who creates or manages a service (such as a website) available from the Internet and wants to verify whether it is sufficiently secure against potential attackers.
The process of penetration testing begins by the applicant. Due to the nature of testing, it is not possible to perform the service "proactively", and therefore it is necessary to agree with the interested party on the details of testing - what is part of the test, what to avoid, who to contact in case of critical findings, etc.
After the agreement of details and the date of testing, the technical part itself follows. A team of testers will meet to perform a penetration test on the agreed time. The team then writes a report that is sent to the penetration testing applicant. This report contains all the findings described in technical and "managerial" language so that it is possible to understand the overall security status of the tested system. It provides recommendations for technicians on what steps to take to improve this status.
If necessary, it is possible to request a retest to verify the successful correction of the errors found.
It is important to realize that penetration testing is a potentially destructive process. During testing, it is impossible to guarantee that the system will not experience a temporary outage or that data integrity will not be compromised. Therefore, we always ask interested parties to provide us with a copy of the system, preferably with simulated data, to ensure we cannot invade system users' privacy. Nowadays, virtual machines and containerization are not a problem.
What to do if you are interested in penetration testing? Just contact us using the form on the page csirt.muni.cz, and then we will agree on the details of testing.
Do you want to know the news about Microsoft 365 tools used at the university? What changes and improvements await us in 2024? We have prepared a webinar for you, where we will not only summarize all the current information, but also look at tips on how to work (together) more securely and efficiently in Microsoft 365.
Microsoft 365 is one of the basic tools for work and study at Masaryk University. That's why colleagues from the Institute of Computing Science have prepared a course for you that will help you become more familiar with it. Try it yourself!
