Companies spend plenty of time, effort and money protecting their networks from hackers. Firewalls, Intrusion Detection and Protection Systems (IDPS) or security gateways are commonly used to protect connection points between internal networks and the internet.

However, despite all these protections, networks can still be breached. In April 2011, Sony revealed that its network had been hacked, exposing the personal details of 77 million PlayStation Network users, including names, dates of birth, e-mail addresses, passwords and credit card numbers.

Unpatched server software, as well as a custom firmware release (Rebug), effectively turned the PS3 console into a developer kit, which activated a number of features users could not normally access. Most importantly, the firmware gave trusted access to Sony's internal developer network. Hackers exploited this to access and pull out information from the customer details database, compromising 77 million customer accounts.

With this being one of the biggest data breaches in history, how do companies ensure that such attacks do not happen to them and that they are safe from the bad guys? I suppose they could call on the good guys pretending to be the bad guys: penetration testers (aka "white hats" or ethical hackers).

Penetration testing is normally conducted as a service to clients. It mimics the types of attacks performed by malicious hackers, using the same tools and techniques. The aim isn't simply to break through an organisation's defences, but to identify the depth and breadth of vulnerabilities.

Network infrastructure penetration testing focuses on performing attack simulations or exploitation on clients' computer networks and systems in order to determine these vulnerabilities. Testing also requires permission from the person owning the target systems; otherwise, hacking these systems would be illegal!

With network breaches on the rise, many companies have realised the importance of security and have incorporated penetration testing activities as part of their information security strategy. The results and guidance from these tests will help companies to better protect their networks (or sensitive data) and prevent them from falling into the wrong hands.
