Chapter 1: Introduction to Ethical Hacking
Defining malicious user
Malicious user — meaning a rogue employee, contractor, intern, or other user who abuses his or her privileges — is a common term in security circles and in headlines about information breaches. A long-standing statistic states that insiders carry out 80% of all security breaches. Whether this number is accurate is still questionable, but based on what I’ve seen and numerous annual surveys, insiders undoubtedly account for the majority of all computer breaches.
The issue is not necessarily users “hacking” internal systems, but rather users who abuse the computer access privileges they’ve been given. Users ferret through critical database systems to glean sensitive information, e-mail confidential client information to the competition or other third parties, or delete sensitive files from servers that they probably didn’t need to have access to in the first place. There’s also the occasional ignorant insider whose intent is not malicious but who still causes security problems by moving, deleting, or corrupting sensitive information.
Malicious users are often ethical hackers’ worst enemies because they know exactly where to go to get the goods and don’t need to be computer savvy to compromise sensitive information. These users already have the access they need, and management trusts them without question.
Recognizing How Malicious Attackers Beget Ethical Hackers
You need protection from hacker shenanigans; you need (or need to become) an ethical hacker. An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hackers perform the hacks as security tests for their systems based on how hackers might work.
Ethical hacking — which encompasses formal and methodical penetration testing, white hat hacking, and vulnerability testing — involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a malicious attacker’s viewpoint to better secure systems. Ethical hacking is part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.