(By Info-Tech Analyst James Quin — Reprinted with permission from Processor magazine www.processor.com).
Imagine, if you will, a building. Let's say it's an office building. In fact, let's say it's your office building. You want to make sure that no one gets in who isn't supposed to. You install big locks on all the doors and maybe even a swipe-card system to keep people out.
Now let's say that you want to check to see if those offices are secure. You go out and hire someone to try to force the swipe-card system, pick the lock, and/or kick in the door. You don't worry about damage as long as you know whether or not you're secure.
Sound ridiculous? Of course it does, but every day IT security managers are opting to do exactly this when they perform penetration testing against the network perimeter.