Part I: Building the Foundation for Ethical Hacking
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs, such as e-mail server
software and Web applications, are often beaten down:
✓ Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol
(SMTP) applications are frequently attacked because most firewalls and
other security mechanisms are configured to allow full access to these
services from the Internet.
✓ Voice over Internet Protocol (VoIP) faces increasing attacks as it finds
its way into more and more businesses.
✓ Unsecured files containing sensitive information are scattered throughout
workstation and server shares, and database systems contain
numerous vulnerabilities that malicious users can exploit.
Ethical hackers carry out such attacks against computer systems, physical
controls, and people and highlight any associated weaknesses. Parts II
through V of this book cover these attacks in detail, along with specific
countermeasures you can implement against attacks on your business.
Obeying the Ethical Hacking Commandments
Every ethical hacker must abide by a few basic commandments. If not, bad
things can happen. I’ve seen these commandments ignored or forgotten when
planning or executing ethical hacking tests. The results weren’t positive —
trust me.
Working ethically
The word ethical in this context means working with high professional
morals and principles. Whether you’re performing ethical hacking tests
against your own systems or for someone who has hired you, everything
you do as an ethical hacker must be aboveboard and must support the
company’s goals. No hidden agendas allowed!
Trustworthiness is the ultimate tenet. The misuse of information is absolutely
forbidden. That’s what the bad guys do. Let them receive a fine or go to
prison because of their poor choices.










