Feb 28, 2012
This lesson proves that security is based on the CIA triad. This triad considers confidentiality, integrity, and availability. The application of the principles of the CIA triad must be applied to Information Technology (IT) networks and their data. The data must be protected in storage and in transit.
Because the organization cannot provide complete protection for all of its assets, a system must be developed to rank risk and vulnerabilities. Organizations must seek to identify high risk and high impact events for protective mechanisms. Part of the job of an ethical hacker is to identify potential vulnerabilities to these critical assets and test systems to see whether they are vulnerable to exploits.
The activities described are security tests. Ethical hackers can perform security tests from an unknown perspective, blackbox testing, or with all documentation and knowledge, whitebox testing. The type of approach to testing that is taken will depend on the time, funds, and objective of the security test. Organizations can have many aspects of their protective systems tested, such as physical security, phone systems, wireless access, insider access, or external hacking. To perform these tests, ethical hackers need a variety of skills. They must be adept in the technical aspects of network but also understand policy and procedure. No single ethical hacker will understand all operating systems, networking protocols, or application software, but that’s okay, as security tests are performed by teams of individuals where each brings a unique skill to the table.
So, even though “God-like” knowledge isn’t required, an ethical hacker does need to understand laws pertaining to hackers and hacking. He must also understand that the most important part of the pre-test activities is to obtain written authorization. No test should be performed without the written permission of the network or service. Following this simple rule will help you stay focused on the legitimate test objectives and help protect you from any activities or actions that might be seen as unethical.
Tags : Ethical Hacking