bahar12
16 Dey 1387, 09:30
With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being “hacked.” At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses.
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these “tiger teams” or “ethical hackers” would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems’ security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them.
Who are Ethical Hackers?
“One of the best ways to evaluate the intruder threat is to have independent computer security professionals attempt to break their computer systems”
Successful ethical hackers possess a variety of skills. First and foremost, they must be
completely trustworthy. While testing the security of a client’s systems, the ethical hacker
may discover information about the client that should remain secret. In many cases, this
information, if publicized, could lead to real intruders breaking into the systems, possibly
leading to financial losses. During an evaluation, the ethical hacker often holds the “keys
to the company,” and therefore must be trusted to exercise tight control over any
information about a target that could be misused. The sensitivity of the information
gathered during an evaluation requires that strong measures be taken to ensure the
security of the systems being employed by the ethical hackers themselves: limited-access
labs with physical security protection and full ceiling-to-floor walls, multiple secure
Internet connections, a safe to hold paper documentation from clients, strong
cryptography to protect electronic results, and isolated networks for testing.
Ethical hackers typically have very strong programming and computer networking skills
and have been in the computer and networking business for several years. They are also
adept at installing and maintaining systems that use the more popular operating systems
(e.g., Linux or Windows 2000) used on target systems. These base skills are augmented
with detailed knowledge of the hardware and software provided by the more popular
computer and networking hardware vendors. It should be noted that an additional
specialization in security is not always necessary, as strong skills in the other areas imply
a very good understanding of how the security on various systems is maintained. These
systems management skills are necessary for the actual vulnerability testing, but are
equally important when preparing the report for the client after the test.