Diploma Thesis 2005 (DA05): Thesis Archive
 
DA Rer 05/3 - Penetration Testing - Process Definition and Implementation
Students: Remi Locherer, locherem
  Thomas Treuthardt, treuttho
  Marco Wunderlin, wundemar

Supervisor: Marc Rennhard, rema

IT security is an increasingly important issue for today's companies. Hacking incidents or the theft of confidential information can cause tremendous financial damage or corporate image loss. Consequently, enterprises have their IT environment evaluated by third-party companies, which perform penetration tests. During a penetration test, common attack practices and techniques, which a malicious cracker would probably use as well, are applied. The results of such a penetration test help the company to expose possible weak points and to secure its IT configuration and environment. Since a penetration test is just a snapshot of the security environment, it should be repeated periodically.

This diploma thesis defines the process of a penetration test, which is divided into five different phases. All phases are described theoretically and implemented practically using examples. In addition, every step in a phase is rated with a priority, which helps to optimize the penetration test if the available time is short. As the usage of tools enhances the results of a penetration test, a collection of frequently used tools is included in this report as well.

The second part of this diploma thesis consists of the results of a penetration test, which was performed at the Zurich University of Applied Sciences Winterthur (ZHW). This penetration test was performed using the previously defined process.
