ETHICAL HACKER
If you have been to a bookstore lately, you've most likely seen
that there is an abundance of books on hacking and "how to hack."
Until now, few organizations have worked toward quantifying ethical hacking,
defining its legalities, or specifying its useful role in modern organizations.
This is what the EC-Council is attempting to do with this certification.

An ethical hacker is most similar to a penetration
tester. The ethical hacker is an individual who is employed or contracted to
undertake an attempted penetration test. These individuals use the same methods
employed by hackers. In case you were unsure, hacking is a felony in the United
States. Ethical hackers have written authorization to probe a network. Only
then is this attempted hack legal, as there is a contract between the ethical
hacker and the organization. In 1995, long before today's more stringent
guidelines, one individual received 3 felony counts, 5 years probation, 480
hours of community service, and a $68,000 legal bill for failing to ensure
proper authorization. Don't let this happen to you!

Primarily, ethical hackers are employed in groups to
perform penetration tests. These groups are commonly referred to as "Red
Teams." These individuals are being paid by the organization to
poke, prod, and determine the overall level of security. Again, what is
important here is that they have been given written permission to perform this
test and have detailed boundaries to work within. Don't be lulled into
believing that the penalties for illegal penetration are low; it is a felony!

Organizations must secure their IT infrastructure and
networks. Just as corporations employ auditors to routinely examine financial
records, so should corporations audit security policy. We have all seen the
havoc that a lack of real financial audits can cause. Just as accountants
perform bookkeeping audits, ethical hackers perform security audits. Without
security audits and compliance controls, no real security exists. This is a big
problem. There are plenty of individuals waiting to test and probe your
organization's security stance. These individuals range from government and
corporate spies, to hackers, crackers, script kiddies, or those who write and
release malicious code into the wild. Their presence in your network is not a
good thing!

When ethical hackers track down computer criminals, do they
risk prosecution themselves? Security researchers at this week's Usenix conference in
Boston believe this is a danger, and that ethical hackers have to develop a
uniform code of ethics for themselves before the federal government decides to
take action on its own.

Who Are Ethical Hackers?
How is Ethical Hacking Performed?
Why must organizations have Ethical Hackers?
The legal risks of ethical hacking