Ethical Hackers

Objective:

Define ethical hacking

Ethical hackers perform penetration tests. They perform the same activities a hacker would but without malicious intent. They must work closely with the host organization to understand what the organization is trying to protect, who they are trying to protect these assets from, and how much money and resources the organization is willing to expend to protect the assets.

By following a methodology similar to that of an attacker, ethical hackers seek to see what type of public information is available about the organization. Information leakage can reveal critical details about an organization, such as its structure, assets, and defensive mechanisms. After the ethical hacker gathers this information, it is evaluated to determine whether it poses any potential risk. The ethical hacker further probes the network at this point to test for any unseen weaknesses.

Penetration tests are sometimes performed in a double-blind environment. This means that the internal security team has not been informed of the penetration test. This serves an important purpose, allowing management to gauge the security team's responses to the ethical hacker's probing and scanning. Do they notice the probes, or have the attempted attacks gone unnoticed?

Now that the activities performed by ethical hackers have been described, let's spend some time discussing the skills that ethical hackers need, the different types of security tests that ethical hackers perform, and the ethical hacker rules of engagement.

Required Skills of an Ethical Hacker

Objective:

Describe ethical hackers and their duties

Ethical hackers need hands-on security skills. Although you do not have to be an expert in everything, you should have an area of expertise. Security tests are typically performed by teams of individuals, where each individual typically has a core area of expertise. These skills include

On top of all this, ethical hackers need to have good report-writing skills and must always try to stay abreast of current exploits, vulnerabilities, and emerging threats, because their goal is to stay a step ahead of malicious hackers.

Modes of Ethical Hacking

With all this talk of the skills that an ethical hacker must have, you might be wondering how the ethical hacker can put these skills to use. An organization's IT infrastructure can be probed, analyzed, and attacked in a variety of ways. Some of the most common modes of ethical hacking are shown here:

Rules of Engagement

Every ethical hacker must abide by a few simple rules when performing the tests described previously. If not, bad things can happen to you, which might include loss of job, civil penalty, or even jail time.

Test Plans: Keeping It Legal
