The World of Ethical Hacking
Using the term “hacker” to mean a computer expert with bad intentions is a misnomer. A hacker is someone with a high level of computer expertise, no matter how they use it. There are three types of hackers: black, white, and gray. Black hackers are, of course, malicious; white hackers are the good ones; gray hackers, as the name suggests, move between the two camps.
Ethical hacking is done with good intentions, and those who practice it are grouped under white hackers. Black hackers act with bad and malicious intentions. Gray hackers are the ones that lie between white and black hackers.
“USA Today” analyzes penetration testers (“pen testers”), also known as ethical hackers. More and more of them are being hired by companies and security firms to see what works and what doesn’t. The article provides a good summary. Its most interesting part deals with the relative success of hackers working from inside customer offices. Experts say that, from there, a tester is almost 100% successful in getting into 80% to 90% of the company’s internal systems. Conversely, if you start from the other side of the firewall, a strong perimeter defense can reduce your success rate by 20% to 30%. At the very least, this suggests that the focus on perimeter defense in recent years has been successful.
Recent SC journal articles clarify the potential benefits and major issues of penetration testing, and the article reports on National Institute of Standards and Technology (NIST) recommendations that these programs be standard tools for federal agencies. The benefits are obvious: pen testing can help identify and fix loopholes before criminals or terrorists find them.
The downside is that training personnel for this task is similar to firearms training: there is no guarantee that the knowledge will not backfire at the source. In fact, much of the article describes the need to supervise these operations and the people who perform them. NIST recommends using outsiders, both to ensure that people working for the agencies do not minimize problems and to reduce the risk of attacks on the organization by disgruntled former employees. According to the story, these suggestions will be completed by the end of this month and released in March.
Obviously, this is an interesting and hot topic. It seems that the quality of the tests varies, and the field should experience fierce competition. A good overview of ethical hackers appears in a set of free technical information tips. First, the author describes the contract, called the “get out of jail free” card because it frees the hacker of any criminal responsibility. This is necessary because most of what ethical hackers do is, without such a contract, a crime. It is important for organizations to consult with a lawyer before hiring an ethical hacker. An obvious question is: if the company indemnifies the hacker against lawsuits, and the customer makes a mistake and loses data, will the customer file a lawsuit?
The article describes three things the ethical hacker is trying to find out: what information a hacker can obtain, what can be done with that information, and whether the organization would automatically know if a “real” hacker launched an attack.
A recent review of ethical hacking and a practitioner, David Jacquet of Mainebiz, tracked the evolution of ethical hacking and subtly explained the need for these people. The persistent issue is the boundaries between white, gray, and black. Because hacking is so specialized and complex, can companies know for sure that the hackers they invite to attack their networks are really ethical? How does the organization know that all vulnerabilities discovered have been reported to the customer?
Presumably, this is a question of reputation and trust. At the same time, that is a very difficult assumption to make.