24-01-2010, 08:16 AM
INTRODUCTION
Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments.
Companies are worried about the possibility of being hacked, and potential customers are worried about maintaining control of their personal information.
There is a need for computer security professionals who can break into the systems of the organisation.
Ethical hackers employ the same tools and techniques as the intruders.
They neither damage the target systems nor steal information.
The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.
PLANNING THE TEST
Aspects that should be focused on:
Who should perform penetration testing?
How often do the tests have to be conducted?
What are the methods of measuring and communicating the results?
What if something unexpected happens during the test and brings the whole system down?
What are the organization's security policies?
The minimum security policies that an organization should possess:
Information policy
Security policy
Computer use
User management
System administration procedures
Incident response procedures
Configuration management
Design methodology
Disaster methodology
Disaster recovery plans.
Ethical hacking, a dynamic process
Running through the penetration test once gives only the current set of security issues, which are subject to change.
Penetration testing must be continuous to ensure that system movements and newly installed applications do not introduce new vulnerabilities into the system.
Conclusions
Never underestimate the attacker or overestimate our existing posture.
A company may be a target not just for its information but potentially for its various transactions.
To protect against an attack, understanding where the systems are vulnerable is necessary.
Ethical hacking helps companies first comprehend their risks and then manage them.