Who are ethical hackers?
These early efforts provide good examples of ethicalhackers. Successful ethical hackers possess a variety
of skills. First and foremost, they must be completely
trustworthy. While testing the security of a
client’s systems, the ethical hacker may discover information
about the client that should remain secret.
In many cases, this information, if publicized,
could lead to real intruders breaking into the systems,
possibly leading to financial losses. During an
evaluation, the ethical hacker often holds the “keys
to the company,” and therefore must be trusted to
exercise tight control over any information about a
target that could be misused. The sensitivity of the
information gathered during an evaluation requires
that strong measures be taken to ensure the security
of the systems being employed by the ethical hackers
themselves: limited-access labs with physical security
protection and full ceiling-to-floor walls, multiple
secure Internet connections, a safe to hold paper
documentation from clients, strong cryptography to
protect electronic results, and isolated networks for
testing.
Ethical hackers typically have very strong programming
and computer networking skills and have been
in the computer and networking business for several
years. They are also adept at installing and maintaining
systems that use the more popular operating
systems (e.g., UNIX** or Windows NT**) used on target
systems. These base skills are augmented with
detailed knowledge of the hardware and software
provided by the more popular computer and networking
hardware vendors. It should be noted that
an additional specialization in security is not always
necessary, as strong skills in the other areas imply
a very good understanding of how the security on
various systems is maintained. These systems management
skills are necessary for the actual vulnerability
testing, but are equally important when preparing
the report for the client after the test.
Finally, good candidates for ethical hacking have
more drive and patience than most people. Unlike
the way someone breaks into a computer in the move.
No comments:
Post a Comment