Why You Need a Certified Ethical Hacker

A hacker is someone who uses various methods to gain unauthorized access to a computer system. Usually a hacker does this to cause trouble or steal. But an ethical hacker uses these methods to test a computer system and see how far its vulnerabilities run so that the weaknesses can be fixed and the computer will be even more protected.

What an ethical hacker does in testing a system for vulnerabilities and trying as hard as possible to hack into it is called penetration testing. This is a way of seeing how far a person can penetrate a system and get past its security measures. Penetration testing is vastly different from illegal hacking.

First, illegal hacking is done without the system owner's permission. Penetration testing is requested by the owner of the system or network. Then the results are reported to the owner along with suggestions about how to fix the vulnerabilities and problems that were found. The whole purpose is to find holes and fill them, while illegal hacking exploits those holes, usually for the hacker's personal gain or mischievous satisfaction, or both.

A Certified Ethical Hacker is really the only person you should allow to perform penetration testing on your systems. These individuals are given the certification of CEH (Certified Ethical Hacker) by the International Council of E-Commerce Consultants. They're specially trained in techniques used to search for vulnerabilities in a system and exploit them, without damaging the system or causing more problems. They have the same knowledge as a hacker, but they have excellent training on how to use that knowledge to help the owners of the systems they test.

A Certified Ethical Hacker has either taken the formal training required or done self-study along with 2 years of work experience in information security. There is also a CEH examination that must be taken and passed in order for a person to become certified. To keep their certified status, continuing education is required. This ensures that all Certified Ethical Hackers are aware of the latest developments in information security.

The penetration testing they perform can be controversial, as in some circles the word "hacker" and the very idea of computer hacking are viewed with disdain and looked upon as criminal activity. Because the ethical hacker must approach the system as if going on the attack, many people frown on this approach to computer and network security. But it's also widely considered the best way to find and fix problems.

The Certified Ethical Hacker can use black box or white box penetration testing. White box testing is similar to what might happen if someone inside an organization hacked into vital areas. Black box means that the hacker has no knowledge of the system and will attack it from outside, as a hacker on the Internet who acquires a system's IP address might. Someone trying to perform black box penetration testing can inadvertently damage a system, but using a Certified Ethical Hacker with lots of experience can greatly reduce that risk.
