How to Establish Your Ethical Hacking Goals and Why It's Important
Before you can start hacking ethically for a company or organization, you need to set goals first. Generally, the primary goal of every ethical hacking campaign is to trace vulnerabilities in your system and patch them up. However, you can take this a step further:
- Be more specific with your goal. Focus more on your business’ objectives and how ethical hacking can help them. This would make it easier for you to get upper-management approval.
- Have a specific schedule – it should have both start and end dates. These are critical components of your ethical hacking plan. This should give you extra motivation when you’re lagging a bit behind.
Before you start hacking, everything must be written in black and white, and it must be approved and signed by upper management. You should document everything. You should also involve your company’s upper management and make sure that they support what you are doing.
Here are some questions that you should ask yourself before you can get the ball rolling:
- Does ethical hacking act in harmony with the mission and vision of the whole business or organization…especially their Information Technology and security departments?
- What are the company’s goals or objectives that are met by performing ethical hacking? They may include preparing the company for an internationally accepted security framework (ISO 17799). They may also include getting a security approval or seal like SysTrust or WebTrust. Other goals could include meeting federal rules and regulations, enhancing the company’s reputation or image, and others.
- What information am I protecting and securing by hacking ethically? Is it intellectual property? Am I protecting confidential customer details or private employee information?
- The money, time, and effort – how much of these am I willing to spend or invest? How much of these is the company I’m working for willing to invest?
- What deliverables should be ready? Deliverables could be anything from high-level executive reports to detailed technical reports, as well as papers that discuss what you’ve tested and, more importantly, the results of the tests. They may even include the passwords and other confidential information you gathered from the tests.
- What outcome am I looking for? After presenting the results of the ethical hacking tests, what do I want the company or organization to do? It may include increasing the budget for IT and security, patching and increasing security systems, or hiring additional security personnel. And that’s just to name a few!
All About Ethical Hacking: Types of Attacks You Should Protect Yourself From
Knowing that your systems are always under attack from unethical hackers from different parts of the globe is one thing. But knowing how to protect your systems against these possible attacks is a different story.
The latter is harder than the former. In our case, it’s impossible to enumerate every possible attack that could strike your computer systems. That would require volumes of books. However, there are well-known attacks that hackers use day in and day out.
Knowing them like the back of your hand, including how they work, is essential. Don’t expect hackers to rely on one system vulnerability. True, the default configuration of your Windows OS, a weak password, and a server hosted on a wireless network may not be huge liabilities on their own.
But a hacker won’t rely on just one of them to launch a successful attack. You can be certain that he’ll use these vulnerabilities and others, allow them to snowball into a bigger threat, and exploit it. With that in mind, let’s take a look at different attacks that you should protect your systems from:
Hacker Attacks Type 1
First on our list are non-technical attacks. Needless to say, these attacks don’t rely on technical stuff and issues. Instead, they focus more on manipulating people – and that includes you. Believe me, they’re the biggest vulnerabilities around. The trusting nature of humans can be easily taken advantage of.
They include social engineering, breaking into buildings, and searching trash bins for passwords, network diagrams, and other intellectual property and information.
Hacker Attacks Type 2
Next on our list are network-infrastructure attacks. It’s one of the easiest ways to launch an attack. Think about it: any network can be reached from anywhere in the world with the right tools and with the help of the internet.
Here are some examples:
- Connecting to a network using a rogue modem.
- Exploiting network transfer protocols and mechanisms.
- Bombarding a network with illegitimate requests, resulting in denial of service (DoS) for legitimate requests for access.
- Installing a network analyzer to capture every packet of information.
- Using an insecure 802.11b wireless to piggyback to a network.
Hacker Attacks Type 3
Many hackers love attacking operating systems, especially Windows and Linux, since they’re widely used and are notorious for having lots of bugs and vulnerabilities. Here are some examples of operating system attacks:
- Breaking file security systems and cracking passwords.
- Attacking pre-installed authentication systems.
- Exploiting certain protocols and protocol implementations.
- And that’s just to name a few!
Hacker Attacks Type 4
Applications and programs are also favorites of hackers. E-mail server applications and web-based applications take a lot of beating from hackers. Examples are:
- HTTP applications, since many firewalls allow full access to these programs.
- Spam that’ll decimate your storage capabilities and resources.
- Malicious software like viruses, worms, Trojans, etc., that can be found on the internet.