As technology grows at an ever faster pace, so do the risks associated with
it. To beat a hacker, it is necessary to think like one! Vulnerability testing
and security audits alone cannot ensure that the network is secure, because
hacking requires creative thinking. Organizations must employ a
"defence-in-depth" strategy by penetrating their networks to estimate and
expose vulnerabilities.
An ethical hacker must ask these questions at the time of engagement with an
organization:
- What is the organization trying to protect?
- Against whom or what are they trying to protect it?
- How much time, effort, and money is the client willing to invest to gain adequate protection?
- Do the information security measures comply with industry and legal standards?
An ethical hacker's evaluation of the security of a client's information
systems aims to provide answers to the following three fundamental questions.
- What can the hacker see on the target system?
Normal security checks by system administrators will often overlook
vulnerabilities. The ethical hacker has to think about what an attacker
might see during the reconnaissance and scanning phases of an attack.
- What can an intruder do with that information?
The ethical hacker must discern the intent and purpose behind attacks to
determine appropriate countermeasures. During the gaining access and
maintaining access phases of an attack, the ethical hacker needs to be one
step ahead of the hacker in order to provide adequate protection.
- Are the attackers' attempts being noticed on the target systems?
Sometimes attackers will try to breach a system for days, weeks, or even
months. Other times they will gain access but will wait before doing
anything damaging. Instead, they will take the time to assess the
potential use of exposed information. During the reconnaissance and
covering tracks phases, the ethical hacker should notice and stop the
attack.
Hackers may cover their tracks after conducting attacks by modifying log
files, building backdoors, or deploying Trojans. Ethical hackers must
investigate whether these activities have been recorded and what safeguards
have been put in place. This gives them information about the current
security measures of the system being examined, as well as an evaluation of
the attacker's skill.
The ethical hacker must also remember to convey to the client that it is
never possible to guard systems completely, but that they can always be
improved.