
What is Ethical Hacking?

An Ethical Hacker is an expert hired by a company to attempt to attack their network and computer system the same way a hacker would. Ethical Hackers use the same techniques and tactics as those used by illegal hackers to breach corporate security systems. The end result is the company’s ability to prevent an intrusion before it ever occurs.

A company can’t know if their security system is solid unless they test it. It’s hard, though, for a company’s IT team to thoroughly wring out the system. Try as they might, the techs can’t go at the system with all the malicious or mischievous motives of a true illegal hacker. To thoroughly uncover vulnerabilities, the theory goes, you must examine your security system through the eyes of an illegal hacker.

The word hacking has strongly negative connotations, and, for the most part, rightly so. But ethical hacking is much different. It takes place with the explicit permission of the company whose system is being attacked. In fact, the Ethical Hackers’ “good guy” role is underscored by the nickname they have been given: “white hat.” The nickname is a throwback to old Westerns where the good cowboys could be identified by their white hats.

The company and the Ethical Hacker enter into a legally binding contract. The contract, sometimes called a “get out of jail free card,” sets forth the parameters of the testing. It’s called the “get out of jail free card” because it’s what shields the Ethical Hacker from prosecution. Hacking is a felony, and a serious one at that. The terms of the agreement are what transform illegal behavior into a legal and legitimate occupation.

Once the hacker has exhausted his attempts, he reports back to the company with a list of the vulnerabilities he uncovered. The list in and of itself, however, is not particularly useful. What’s most valuable are the instructions for eliminating the vulnerabilities that the Ethical Hacker provides.

An Ethical Hacker works to uncover three key pieces of information. First, he determines what information an illegal hacker can gain access to. Next, he explores what an illegal hacker could do with that information once gained. Last, the Ethical Hacker ascertains whether an employee or staff member would be alerted to the break-in, successful or not.

At first it might sound strange that a company would pay someone to try to break into their system. Ethical hacking, though, makes a lot of sense, and it is a concept companies have been employing for years. To test the effectiveness and quality of a product, we subject it to the worst-case scenario. The safety testing performed by car manufacturers is a good example. Current regulatory requirements including HIPAA, Sarbanes-Oxley, SB-1386 and BS 7799 require a trusted third party to check that systems are secure.

In order to get the most out of the assessment, a company should decide in advance the nature of the vulnerabilities they’re most concerned with. Specifically, the company should determine which information they want to keep protected and what they’re concerned would happen if the information was retrieved by an illegal hacker.

Companies should thoroughly assess the qualifications and background of any Ethical Hacker they are considering hiring. This individual will be privy to highly sensitive information. Total honesty and integrity are of the utmost importance.

Paul Walsh

Paul Walsh, of www.protocolsolutions.co.uk asks the scariest question out there: Think your network is safe from malicious attack? Find out for sure – a quick, complimentary chat will help you sleep better.

Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.