Penetration testing is important. I do such testing as a standard part of my IT audits, and I find weaknessess 30% of the time. In almost every instance, the vendor for the firewall has a patch that eliminates the weakness. However, no one at the bank knows to check the vendor's web site for updated software.
At a minimum, I recommend penetration testing once a year. I also recommend that the vendor's web site be checked once a month, to ensure the firewall is running the most current version of its software. It only takes 60 seconds to do the check, and it's one of the best things you can do to protect yourself from Hackers.
Regards,
Wayne Barnett, CPA
800-680-8692
www.barnettcpa.com
Wayne Barnett Software
A Texas Corporation
877-945-4344
www.barnettsoftware.com