Chapter 1: Introduction to Ethical Hacking
Respecting privacy
Treat the information you gather with the utmost respect. All information
you obtain during your testing — from Web application log files to clear text
passwords to personally identifiable information and beyond — must be kept
private. Don’t snoop into confidential corporate information or employees’
private lives. If you sense that a colleague or team member breaches privacy
and you feel like someone should know about it, consider sharing that information
with the appropriate manager or project sponsor.
Involve others in your process. Employ a watch-the-watcher system that can
help build trust and support for your ethical hacking projects.
Not crashing your systems
One of the biggest mistakes I’ve seen people make when trying to hack their
own systems is inadvertently crashing the systems they’re trying to keep
running. Poor planning is the main cause of this mistake. These testers either
have not read the documentation or misunderstand the usage and power of
the security tools and techniques at their disposal.
Although it’s not likely, you can create DoS conditions on your systems when
testing. Running too many tests too quickly can cause system lockups, data
corruption, reboots, and more. I should know: I’ve done it! Don’t rush and
assume that a network or specific host can handle the beating that network
tools and vulnerability scanners can dish out.
Many vulnerability scanners can control how many tests are performed on a
system at the same time. These tools are especially handy when you need to
run the tests on production systems during regular business hours.
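The throttling described above is easy to build into your own test harness. The following is an added example, not code from the book: a runner that caps how many checks are in flight against a host at once and enforces a minimum gap between consecutive starts, then reports the peak concurrency it actually reached so you can confirm the cap held. The probes are constructed stand-ins (they only sleep and return a label); the class names, parameters, and timings are assumptions chosen for illustration.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class ThrottledRunner:
    """Run test callables against one host with two safety limits:
    at most `max_concurrent` tests in flight, and at least
    `min_interval_s` seconds between consecutive test starts.
    (Hypothetical helper written for this example.)"""

    def __init__(self, max_concurrent, min_interval_s):
        self._gate = threading.Semaphore(max_concurrent)   # concurrency cap
        self._min_interval = min_interval_s
        self._pace_lock = threading.Lock()                 # serialises starts
        self._stats_lock = threading.Lock()
        self._last_start = None
        self._in_flight = 0
        self.peak_in_flight = 0      # highest observed concurrency
        self.start_times = []        # monotonic timestamps of each start

    def _wait_turn(self):
        # Hold the pacing lock while sleeping so starts are strictly spaced.
        with self._pace_lock:
            now = time.monotonic()
            if self._last_start is not None:
                wait = self._last_start + self._min_interval - now
                if wait > 0:
                    time.sleep(wait)
            self._last_start = time.monotonic()
            self.start_times.append(self._last_start)

    def run_one(self, test):
        with self._gate:                 # blocks when the cap is reached
            self._wait_turn()
            with self._stats_lock:
                self._in_flight += 1
                self.peak_in_flight = max(self.peak_in_flight, self._in_flight)
            try:
                return test()
            finally:
                with self._stats_lock:
                    self._in_flight -= 1

    def run_all(self, tests, workers=16):
        # The pool may hold more workers than the cap; the semaphore is the limit.
        with ThreadPoolExecutor(max_workers=workers) as pool:
            return list(pool.map(self.run_one, tests))

    def min_start_gap(self):
        """Smallest gap between consecutive starts (None if fewer than two)."""
        gaps = [b - a for a, b in zip(self.start_times, self.start_times[1:])]
        return min(gaps) if gaps else None


def make_probe(name, duration_s):
    """Constructed stand-in for a real check: sleeps, then reports success."""
    def probe():
        time.sleep(duration_s)
        return f"{name}: ok"
    return probe


def demo(num_tests=12, max_concurrent=3, min_interval_s=0.02):
    """Run constructed probes under the limits; return results and measurements."""
    probes = [make_probe(f"check-{i:02d}", 0.05) for i in range(num_tests)]
    runner = ThrottledRunner(max_concurrent, min_interval_s)
    results = runner.run_all(probes)
    return results, runner.peak_in_flight, runner.min_start_gap()


if __name__ == "__main__":
    results, peak, gap = demo()
    print(f"{len(results)} tests completed, peak concurrency {peak}, "
          f"smallest start gap {gap:.3f}s")
```

Tune `max_concurrent` and `min_interval_s` to what the target host can absorb during business hours, and log `peak_in_flight` alongside results so a lockup can be traced back to the load that preceded it.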
You can even accidentally create an account or system lockout condition
by socially engineering someone into changing a password, not realizing the
consequences of your actions.
Using the Ethical Hacking Process
Like practically any IT or security project, ethical hacking needs to be
planned. It’s been said that action without planning is at the root of every
failure. Strategic and tactical issues in the ethical hacking process need to be
determined and agreed upon. To ensure the success of your efforts, spend
time up front planning for any amount of testing — from a simple password-
cracking test to an all-out penetration test on a Web application.