Cybercrime : Piercing the darkness

Language:

Content

Cybercrime Home Prologue A closer look

Computer as a tool

Computer as a target

›Network Intrusion • Ethical Hacking ›Network Attack ›Malware ›Cyberterrorism ›Defacement Fighting back Interactive

Xtras

About Sitemap Help Credits Download

Tools

Turn-on Images Print Tell a friend Bookmark

Choose your skin:

Think Tank

Quotable

Text size: Increase|Decrease| Reset

A closer look/ Computer as a tool/ Network Intrusion/ Ethical Hacking

Ethical Hacking

Ethical hacking is the use of hacking knowledge to forcefully attempt to enter a network to find its loopholes and back doors. It is often referred to as ‘legalized hacking’ and yes it is indeed legal and can even reap a lot of profits for highly skilled individuals.

It does not involve much destruction but more of gaining data and information about a network for constructive purposes. It may sound very easy, especially to laymen but it is something which involves a lot of planning and thinking through. The common description of hiring somebody to break into a network or application or web server then reporting what he/she found is far too simplified to fully illustrate how difficult ethical hacking really is.

Content Jump:

How to benefit as much as possible from Ethical Hacking
Methods and Techniques of ethical hacking
Conclusion

How to benefit as much as possible from Ethical Hacking

Related links

History of hacking
Network attacks
Deter hackers
Safeguarding data

Firstly, the results must be looked upon from a business viewpoint in that it can benefit the business as much as possible. You should ask which security loop holes pose a real security threat and how deep a hacker can get into the network via those holes. Then, you should decide which holes to patch up first.

Sometimes, security holes can be vital to your infrastructure, allowing for business with partners. In such cases, patching up these holes can cause more headaches than what it is worth to seal up the vulnerability. Thus, in such an event, it is more advantageous to leave the security hole there. The people you hire should be able to deal with this slight problem.

The company that you contract should be able to provide you with cures to your vulnerabilities while taking into account your business needs. Even then, the ethical hacking done should be part of a larger security audit which looks at known weaknesses while comparing between your IT governance policies and procedures and the best practices of the industry.

Methods and Techniques of ethical hacking

If you do not do anything immediately after you hire a hack of your system, it will not become any more secure than before the hack was done. Hacking can only provide an overview of your system at a particular point in time. It cannot provide a view of what the system is like over a period of time.

Ethical hacking can confirm that your security is good or show you the hidden threats, but it cannot show you what the security of your system will be like in the future. If your system changes even slightly, it may cause many more security loop holes to appear.

There are basically 4 different ways of doing an ethical hack of your system:

IP Hack

The contractor is supposed to hack a specific IP address that you give without any additional information. Ensure that the address is not the address of the wrong server. You wouldn’t want you contractors to be accidentally committing a crime.

Application Hack

A much more advanced hack which can dig deep into databases and production servers. Only disciplined and experienced hackers should be allowed to go through with such tests as it can easily be abused. For security reasons, NEVER hire a former illegal hacker for this kind of job.

Physical Infrastructure Hack

This involves physical entry into the organization to find information that is lying around such as passwords on post-it notes etc. It is to test the physical security of a corporation.

Wireless Hack

This involves exploiting wireless access points from the back of a van. Ethical hackers will hack and report the findings to you. They should also check your teleworkers to determine if there is a source of entry into your network from home offices.

Conclusion

Once a vendor is chosen, the outline and scope of the project should be made very clear. Somebody with authority should be delegated as the person to be contacted by the hackers in case any problem arises or any authority is required. He must be contacted at all times of the day. Ethical hacking is just a tool it does not solve all the problems. Always ensure that the company is not complacent with its own security.

Reference

Ethical Hacking: Security Testing and Certified Ethical Hacker
http://www.infosecinstitute.com/courses/ethical_hacking_training.html

Ethical Hacking
http://css.sfu.ca/update/ethical-hacking.html

What is an ethical hacker and how can you become one?
http://www.gocertify.com/article/ceh.shtml

Top of the page

Disclaimer | Sitemap | Credits | Help | Turn-on Images | © Cybercrime : Piercing the darkness