Ethical Hacking

Ethical hacking is the process of testing the network infrastructure by employing ethical hackers to perform penetration tests. Ethical hackers perform the same activities as malicious hackers, but they do so with the approval of the organization and without causing damage. The goal is to test the network in much the same fashion as a malicious hacker would. Because of the global nature of the Internet and the increased emphasis on networking, these types of activates have gained increased prominence in the last several years.

Penetration Testing

Penetration testing is the process of evaluating the organization's security measures. These tests can be performed in a number of ways, including internal testing, external testing, whitebox testing (you know the infrastructure), and blackbox testing (you don't know the infrastructure). After the test methodology is determined, the penetration test team is responsible for determining the weaknesses, technical flaws, and vulnerabilities. When these tests are complete, the results are delivered in a comprehensive report to management.

Several good documents detail the ways in which to conduct penetration testing. One is NIST-800-42, which even includes recommendations for tools intended for self-evaluation. NIST divides penetration testing into four primary stages:

Категории