The ethical hack itself sample essay
Once the contractual agreement is in place, the testing may start as defined in the agreement. It should be noted that the testing itself poses some risk to the customer, since a criminal hacker monitoring the transmissions of the ethical hackers could learn the same information. If the ethical hackers identify a weakness or a flaw in the customer’s security, the criminal hacker could potentially attempt to use that vulnerability. There are several kinds of testing. Any combination of the following may be called for:
• Remote network. This test simulates the intruder attacking across the Internet. The primary defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
• Local network. This test simulates a staff member or other authorized person who has a legal connection to the organization’s network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, server security measures, and e-mail systems.
• Stolen laptop computer. In this test, the laptop computer of a key staff member, such as an upper-level manager or strategist, is taken by the client without warning and given to the ethical hackers. They examine the computer for passwords stored in dial-up software, corporate information assets, personnel information, and the like. Since many busy users will store their passwords on their machine, it is common for the ethical hackers to be able to use this laptop computer to dial into the corporate intranet with the owner’s full privileges.
• Remote dial-up network. This test simulates the intruder launching an attack against the client’s modem pools. The primary defenses that must be defeated here are user confirmation schemes. These kinds of tests should be coordinated with the local telephone company.

Conclusions

The idea of testing the security of a system by trying to crack into it is not new. Whether a vehicle company is crash-testing cars, or an individual is testing his or her skill at martial arts by sparring with a partner, assessment by testing under attack from a real opponent is widely accepted as prudent.
It is, however, not sufficient by itself. Regular auditing, good system administration practice, watchful intrusion detection, and computer security awareness are all essential parts of an organization’s security efforts. A single failure in any of these areas could very well expose an organization to cyber-vandalism, embarrassment, loss of profits or mind share, or worse. Any new technology has its benefits and its risks.
While ethical hackers can help clients better understand their security needs, it is up to the clients to keep their safeguards in place (EC-Council, 2003).
EC-Council. (2003). Ethical hacking. Osb Publisher Pte Ltd.
Fadia, A. (2005). The Unofficial Guide to Ethical Hacking. 2nd Edn. Course Technology PTR.
Khare, R. (2006). Network Security and Ethical Hacking. Luniver Press.
Simpson, M. T. (2005). Hands-On Ethical Hacking and Network Defense. 1st Edn. Course Technology.