To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing, and red teaming.
(PRWEB) December 28, 2004 -- An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker or intruder could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing, and red teaming.
With the growth of web based systems, computer security has become a major concern for businesses. They want to be able to take advantage of the Internet for business process, e-commerce, information distribution, and other mission critical data, but they are worried about the possibility of being hacked."
Who are ethical hackers?
Ethical hackers possess a variety of knowledge and skills concerning the web, network and operating systems, programming, and physical security. First and foremost, they must be completely trustworthy. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being employed by the ethical hackers themselves. I would recommend companies such as Atlanta based Vigilar or Internet Security Systems. These companies are leaders in their field and you can trust your information will be protected. They understand the sensitivity of the information gathered during an evaluation and have strong measures in place to ensure the security of the data.
What an ethical hacker seeks to answer is four basic questions:
What information, locations, and systems can an intruder gain access?
What can an intruder see on the target facilities, networks and systems?
What can an intruder do with that information and data?
Does anyone at the target notice the intruder's attempts or successes?
There are four basic kinds of hacks you can have done:
IP Hack: You hire someone to hack a specific IP address, giving them little or no information.
Application Hack: A much more sophisticated hack that can delve deep into databases and down production servers. Only experienced hackers, with strict guidelines governing their actions, should be allowed to perform such tests.
Physical Infrastructure Hack: This is where people try to get into your facilities to access your systems or go dumpster diving looking for confidential information such as passwords discarded on sticky notes and posted on work stations.
Wireless Hack: War-driving is the new term to describe this type of attack where wireless access points are exploited from the back of a vehicle.
While testing the security of a client's systems, many times ethical hackers will discover information about the client and customers that should remain secret. During an evaluation, the intrusion team often holds the keys to the company," and therefore must be trusted to exercise tight control over any information that could be misused. Ethical hackers have a variety of ways to hack businesses critical systems and infrastructure. So it is important to use a trusted company with the experience, knowledge and resources to deploy a successful evaluation.
###
|
